Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:

ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Examples of goals for the ISMS

  • Catalogue of threats/vulnerabilities

  • Necessary documents

  • Controls in progress

  • Declaring a Disaster

    Currently we have a stated time to: a) assess an incident and declare a disaster (12 hours) b) activate Recovery Plans to re-instate customer systems (8 hours) However, looking at this from a customer perspective, they could argue that this adds up to an RTO of 12+8 = 20 hours. Can anyone offer advice on how to document (contractually) and manage customer expectations? Of course, we are putting the microscope on how we can improve the time for a)
  • BIA and RA

  • Online service

  • ISO 27005

  • Frequency of updating the Statement of Applicability

    I would just like to inquire on the frequency of updating the statement of applicability? Is there a need to update it after ISMS implementation?  Say for example during the initial phase, one of the controls is not yet implemented but after a year, it was already documented and already in practice.  Do we have to update the SOA because of that change?
  • Risks database

    Hi Everyone , Does anyone know where can we find a public risks database. Thank you .