ISO 27001 & 22301 - Expert Advice Community


  • Procedure for the information security incidents

  • What is ISO 27001?

  • Referencing to security controls in policies and procedures

    At the start of the document ‘Beleid voor aanvaardbaar gebruik’ (acceptable use of information & means) you reference a number of control objectives from Annex A. These are referenced in an unspecific manner, without being specific about the way these are documented in this ‘Beleid’ or implemented individually. Does this not defeat the specific connection between risks and mitigating security measures, or are you of the opinion that that aspect (iso27k 6.2) is covered sufficiently in the ‘risk treatment plan’?
  • Clause 9.1 - measurement in ISO 27001 toolkit

    I was reviewing the ISO 27001 standard and was reading section 9.1 about monitoring, measurement, analysis, and evaluation. How do your documents deal with this? I know at the end of some of the documents, I've seen sections called "managing records kept on the basis of this document". This isn't how you are trying to monitor the effectiveness of processes and controls, is it? Have I overlooked a document? I'm not really seeing anything that addresses 9.1. I guess when I read 9.1 about monitoring, measurement, analysis, and evaluation, I'm thinking it is something more driven around key performance indicators (KPIs), service level agreements (SLAs), or something that would show stats about the effectiveness and relevancy, where there was more of a system that gave analytics of some type. What are your thoughts?
  • Using ISO 27001 & ISO 22301 Toolkit for ISO 22301 implementation

    I am trying to use the toolkit for 22301, but I am always faced with the situation that it is all set up for information security; for instance, the risk assessment procedure is totally oriented to information security. I need the system for BCM, can you please advise?
  • ISO 22301 for a part of my organization

  • MAD, MTD and RTO

    As you know, during BIA you determine the RTO and RPO, but the question here is: what is the difference between Maximum Allowable Downtime (MAD), Maximum Tolerable Downtime (MTD) and Recovery Time Objective (RTO)?
  • Auditors are not allowed to audit their own work

  • Who should be part of BCM team