ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 Documentation

    Do you have an asset tracking document format in your toolkit or available on your website?
  • Three-Year ISO Certification Cycle

    Hi, this is my first question here! Where exactly is it defined that ISO 27001 has a 3 year certificate to include Stage 1 & 2 audits along with annual Surveillance Reviews until its expiration? I'm still trying to wrap my head around Certification Bodies. Thank you.
  • Conformio Risk Register

    I noticed that the risk register within Conformio is built with an asset-focused method of doing risk assessment (as per version 27001:2005). However, with version 27001:2013, the risk assessment method is information-focused (6.1.2.c.1).

    My question is: do you have a risk register module that follows the information-focused approach?

  • Query on Business Continuity Plan

    A query regarding the Business Continuity Plan. In document A.17.4, clause 3.4, it indicates: "The Disaster Recovery Plan and the recovery plans for particular activities are activated exclusively by decision of the Crisis Manager, when he assesses whether a certain activity will remain interrupted for a period greater than the recovery time objective for that activity." Does this mean that the DRP will be activated as long as the incident exceeds the established RTO time?
  • Enterprise Account for Security Awareness Programs

    Thanks a lot for your emails (I'm also registered under ***), but I'm writing to you from my company's email now. You may not remember me, but we were in contact in 2016, when I was implementing ISO 27001 for a customer in ***. At that time I bought (acquired) the “ISO 27001 Toolkit” from you, and it was really very helpful. If you remember, I also later bought your EU-DSGVO Toolkit (2017). Since 20198 I have become a freelancer for Compliance & Information Security, and I'm very happy with that, because I've been very successful the whole time. Now I'm starting a project for a different German customer to implement Business Continuity Management according to ISO 22301. What I need to know is whether your ISO 22301 Toolkit is much different in content compared to the ISMS one. This is the content of my ISO 27001 Toolkit: https://i.imgur.com/PubatBn.png I need your answer as an expert, not as a commercial vendor; I need to know whether I'll receive added value if I buy your ISO 22301 Toolkit for my current project. Please let me know, from expert to expert, whether this makes sense for me or not. If you tell me it really makes sense and will be helpful for me in implementing the BCM project, then I'll place an order with you. Perhaps you'll remember me as a client and make me a special offer for this BCM Toolkit. I really appreciate an expert answer from you.
  • ISMS implementation

    At the moment, my questions regarding ISO implementation are:
    · In document 2.1 it asks for requirements. It is not clear to me how to identify those requirements. Can we link them to controls from the Annex?
    · For the ISMS Scope: we want to certify only our location in Belgium, and we were advised by certification bodies not to mention our second location in Poland at all. However, our processes happen regardless of the location, and part of them happens in Poland. Can we (and how) exclude Poland from the ISMS while keeping the processes?
    · Given that it's the first time we implement ISO in aug.e, what are the steps we should follow regarding filling in the documents? It seems to us that we will have to go back and forth in a way that will be quite confusing. I couldn't find any relevant information in the Advisera courses.
  • Additions to Conformio

    Please can you advise with regards to the following: In the Conformio Risk Register I am able to add Risks, which are specific to a client. If the Control is from an alternative source, for example ISO 31000, can this control be added to a Control ID defined in the SoA? If this is not possible, how would I be able to manage all Risks in the organisation through Conformio if ISO 27001 is the only source of Controls?
  • Information security policies

    Can you help me with the following questions:
    1 - Can ISMS Security Objectives be the same as the Control Objectives of ISO 27001:2013, or are they two different types of objectives?
    2 - What is the difference between an information security policy and a recommended control, or can they be the same?
    3 - For the establishment of the ISMS Security Policies, can the textual requirements of ISO 27001:2013 be taken?
    4 - For the establishment of the ISMS Security Policies, can the same statements of the Control Objectives of ISO 27001:2013 be taken?
    5 - For the establishment of the ISMS Security Policies, can the same 114 statements of the ISO 27001:2013 Controls be taken?
  • ISO 27001 templates

    Hi, we have recently purchased your ISO templates and I am one of those responsible for working on them. In the document A.12.1_Security_Procedures_for_IT_Department_Cloud there is a section at the bottom with all the attachments, which I am lost in because I could not find any templates for those attachments. These are:
    [Security features and level of expected service for network services] – electronic and paper form
    [Security features and level of expected service for cloud services] – electronic and paper form
    [Erasure/destruction records] – in paper form
    [Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form
    And I simply do not know where to start from scratch. Is there any template that could help, please?
  • Scope Document

    I am currently working through the Scope document for the ISO27001 audit, and had a quick question regarding the scope document, but really all of them. There are many sections of the documents that describe the purpose of the document, and I was wondering if there is anything I NEED to delete off of the documents for the audit itself? Or am I okay to just fill in the information for my company, and leave the rest?