Take the ISO 27001 course exam and get the
EU GDPR course exam for free

ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • ISO 27001 for a Data Center

     A company wants to get certified for ISO 27001:2013 for their Data Center only.  What would be the steps to achieve this?  What is the implication on the Statement of Applicability document?  Thank you in advance for your reply.
  • Software development company

    I have a question about ISO27001, our company is a software development company. In 14 it says it services but in 6.1.5 it says regardless of the project. My Question is in our projects(we develop the code)which have a logging screen, with respect to ISO 27001 do we need to apply secure log-on password management or event logging if as a company we had a ISO 27001.
  • Risk assessment based on processes

    How can I modify the risk assessment and treatment methodology, in order to not use asset-threat-vulnerability? Regarding Risk identification: I want to identify risks using processess, departments and category of assets - not individual assets.
  • Confining a registrar to the scope that has been defined

    How does one go about confining a registrar during the audit to the scope that has been defined? I’ve experienced an auditor who seems to be attempting to expand ISMS scope beyond the internally agreed upon scope. We are limiting scope of the ISMS to the ***; nothing more – nothing less.
  • Record maintenance system

     A follow up question? I don’t think we have a record maintenance system?! Can you give me example of such systems. Can we use sharepoint for this?
  • Business Continuity Assessment

     Dejan do you have any webinar's that focus on conducting a Business Continuity Assessment using the ISO22301 standard?  This would be used for companies that have an existing BC Program to provide improvement opportunities to strengthen there existing program.
  • Include controls in the SOA

     In inclusion of controls in Annex A, what possibly could be the justifications if we cant find any justifications from risk assessment, legal requirement, contractual requirement or business requirement/best practice?
  • ISO 27001 mandatory documents

     Hope you are doing great.. Regarding the mandatory documents required by ISO27k,   I had got this following email list from you. I guess the current version V3 has changed the clause numbering ? and as far as the content goes, it still remains the same documents (with changed clause numbers ) right ? Kindly confirm  if  my understanding is right please.
  • Disciplinary actions

     In which document should we talk about disciplinary actions (or penalties) if the ISMS is violated by an employee? Is this point covered in a template provided?
  • Big asset inventory

     Our approach is to prepare asset inventories per department/section. Currently, the asset owners are finishing this exercise and some have already sent the inventory files back to me for reviews.