ISO 27001 & 22301 - Expert Advice Community




  • Controls in SoA

    Hi friends, Your support with the following doubt: If in the Risk Management I didn't identify an ISO 27002 control as necessary, can I include that control in the SoA anyway, considering its implementation as 'best practice'? Thank you. Best regards
  • Cloud computing

     Hi, Can you please let me know what we can use to secure the cloud? I have some info about FedRAMP but it's too strict. Is there any doable and accessible standard available? How close is it to ISO 27001?
  • Assets mentioned by the owner

     I was asked a couple of days ago about how to make sure that the assets mentioned by the owner is truly a reliable one and how to distinguish it from other unreliable ones. Appreciate if you helped me in that matter. 
  • Leadership and commitment and Planning - General

     In which documents (from ISO27001 toolkit) should I address requirements from clause 5.1, clause 6.1.1 and clause 8.1?
  • Clauses and controls achieved by completing the disaster recovery plan

     What are the clauses and controls achieved by completing the disaster recovery plan?
  • Corrective actions

  • Qualitative and quantitative risk assessment

     I need to know the difference between “qualitative and quantitative risk assessment” with examples. Do you have any blog on this, or can you please send a mail with the answer?
  • Disaster recovery site

     Do we require a disaster recovery site to pass ISO 27001 certification?
  • Verify if a company is certified with ISO/IEC 27001

    How can I verify if a company is certified with ISO/IEC 27001 standard?
  • Documentation control

     I have one question regarding the procedure of documentation control (7.5). This document defines how to handle documents which are produced within the ISMS such as BYOD Policy or Risk Assessment Methodology but what about documents which are in the company anyway. I am talking not only about policies which were issued long before the implementation process even started or documents which you would actually include as Assets. I am thinking of stuff like contracts, Mail, E-Mail.... Does the documentation control procedure apply to those as well?