Take the ISO 27001 course exam and get the
EU GDPR course exam for free

ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Asset management

     Concerning my query on Asset Management
  • ISO 27001 on a personal level

     I was interested to learn about iso 27001 on a personal level, but it is a bit much for a small organization with no formal security, no compliance requirements, and no desire to add security.
  • Clause 7.2

     I noticed in the article indicated that the clause 7.2 is included in internal issues. I must prove that people involved in the implementation of the ISMS has competence to perform these tasks, or should I just have evidence that gave training to all company employees to become aware?
  • Your organization and your customer

    Please, I would like to ask about ISO 27001. I have on doubt. For example, I selling a SYSTEM. So, my customer has whole infrastructure to support the SYSTEM that he bought from me. Servers, Storage, Network. I just create and install the SYSTEM on the customer environment. All management is customers own.
  • Implementation, maintenance and improvement of the ISMS

     What would be resources for the implementation, maintenance and improvement are ISMS and which document I must inform you
  • Risk Treatment Plan and Risk Treatment Process

    According to this article (Risk Treatment Plan and risk treatment process - What's the difference) risk treatment plan have to set a responsible, it is the same responsible for the risk I determined the risk assessment table?
  • Clauses and security controls

    Your statement of applicability starts with A.5 but your Mandatory Doc starts with a 4.X. Mandatory is 2013 but I am not sure the controls match up?
  • Identify Internal and External issues

     The standard requires that we identify internal and external issues that are relevant to the organization. According to ISO 31000 these factors could be cultural, political, financial, etc. But what about these factors I have to collect and what it can influence the information security?
  • How to write ISO 27001 risk assessment methodology

     many thanks for your mail. I tried the first document template I ordered and I like it. I will try to convince my boss to buy the rest next week. We just started our project for implementing the iso27001 in our company.
  • Checklist

     By the checklist that is given in these documents there are few templates that seems to be missing.