ISO 27001 & 22301 - Expert Advice Community



  • Exclusion of controls

     Which controls from Annex A can be excluded, if my organization:
  • Communication Plan and Corrective Actions

  • Get qualifications

     We have 3 IT personnel within the Agency IT Department, and as we implemented the ISO 27001 standard a few years back after an IT audit, we would like information on how to proceed to get qualifications within this area. Any advice on this area and what training path to take would be much appreciated.
  • Security Compliance Management

    I think that Annex A from 27K1, part 18 Security Compliance Management, is missing in your toolkit or ... I can't find it. This part is necessary for successful certification.
  • Differences between third party and suppliers

     Can you confirm what the differences are (if any) in regard to third parties and suppliers (vendors)? In respect to third-party agreements vs. supplier relationships, I'm thinking none; is it just a case of terminology?
  • The owner of the ISO 27001 has been changed to a new department

    I have one critical question: in our organization we are already certified to ISO 27001:2005 under the ownership of one department. The organization established a new GRC function (department), and one of its roles is to own and manage the ISO 27001 certification. Will the certification be voided if the owner of the ISO 27001 has been changed to the new department (the two departments are under the same organization)?
  • Information Security Objectives

    Hi friends, based on ISO 27001:2013, do "Information Security Objectives" refer to 'confidentiality', 'integrity', 'availability', 'non-repudiation', and so on? Is it true? Additionally, how do we measure them? And what would the plan or framework to achieve them be? Thank you. Best regards
  • ISO 27001 and ISO 20000

  • Methodology for the risk assessment & treatment

  • Searching jobs as internal auditor