ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • ISO 27001 Lead Implementer / Lead Auditor

  • Technological vulnerabilities

  • Software developmnet within the company

    Our company sells software we develop ourselves. Development is done within a separate system and is managed by its own policies, procedures, and has its own set of (security) requirements. Do we need to include these policies, procedures and requirements into the ISMS? I prefer to exclude this from the ISMS scope, because we don’t use this software in our oown production environment and the  requirements are customer specific. Thanks.
  • Documents and procedures separately

  • Confidentiality level for the Business Continuity Policy

  • Justification in SoA

  • Procedure to become Lead Auditor

  • Clause 8.1 ISO 27001:2013

  • Recovery Point Objective

  • Sample risks related to staff resignation and pension