Once a person is certified, how long is this certificate valid as an auditor?
Is there a reference? For example, if someone has been a certified auditor since 2015, is it still valid?
ISO 27001 Contact with Authorities
When looking at ISO27001, what are examples of relevant authorities under Annex A.6. As a US company, we may model our work around GDPR, but we don't necessarily have a legal requirement to follow it. With that said, are there any other authorities we would want to maintain contact with?
Asset management
My question is about your asset inventory. I have doubts: I have a list, and among the list there is equipment such as laptops and desktops, software, servers, licenses, and records; the entire list is entered as assets. For example, I have approximately 22 laptops; are they all entered individually as assets, or do I only take them all as one?
If you had an example of one already made, I would appreciate it to guide me.
Non-conformities
Hi Dejan,
I wanted to ask you about documented information for the ISO 27001 Clauses 4.2 and 4.4.
For Clause 4.2, our external auditor requires us to have a document containing all needs and expectations of interested parties.
My understanding is that there’s no standard requirement to have this information gathered in one document. We have evidence of those requirements recorded in various other documents.
Would you consider this a major nonconformity?
Please see attached the document version we currently have in place, Compliance_Requirements.pdf.
For Clause 4.4, our external auditor requires us to have a documented ISMS Manual that includes references and implementation details for all Clauses 4 to 10.
My understanding is that there’s no standard requirement for an ISMS Manual document.
Would you consider this a major nonconformity?
Please see attached the document version we currently have in place, ISMS_Manual.pdf.
Thank you for your help.
Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)
We have a customer that requires a quarterly penetration test.
We believe this requirement is related to Operation of information technology in the dropdown.
So far so good; however, we believe it is also related to ISO 27001 control 18.2.3 Technical compliance review, but there is no corresponding option in the dropdown to choose a Compliance type of category for this requirement.
Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?
Control A.8.2 Information Classification
As a small business, we are inclined not to implement the following Annex A control, Information classification, as after the risk assessment management has taken a decision to accept the risk. However, we are also told this is a critical control that some auditors don’t like when it is not implemented. Therefore, as an alternative on that control, can we have all our documents classified as internal and, in case we need to provide sensitive information to external parties, for example, have a process of approvals and change the classification based on the document complexity?
Consultation to ISO 27001 documentation
1. Within the points that are detailed in the ISO 27001 templates, there is no point related to sanctions. Is it possible to place this point within the corresponding documents, to detail which (labor) reprimands would be obtained for failure to comply with any of the guidelines of X Policy?
2. I have another query: within the Business Impact Questionnaire, must this be done for each activity that is managed in the organization, or can several activities be placed in a single questionnaire? If the answer is YES, please indicate how to place this.
Mapping of requirements categories to ISO 27001 Human Resource controls (Conformio)
We have a customer that requires that *** employees are submitted to background checks, etc. This correlates to ISO 27001 Clause 7, Human Resource Security. However, there does not really seem to be a matching category in the “To what area is this requirement related?” dropdown list.
Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?