Question on Creating a Business Case for ISMS ISO 27001:2013
1. Is the creation of an ISO 27001 ISMS Implementation Business Case document mandatory?
2. What components should the business case contain?
3. When is the Business Case document created? Before starting the ISMS planning phase? After the gap analysis, after the risk analysis, etc.?
4. Since in the initial phase of an ISO 27001 ISMS implementation project the cost and/or investment required to implement the controls for the treatment of risks is not yet known, how is the financial budget of an ISO 27001 ISMS project determined so that it can be added to the Business Case?
More questions on Additions to Conformio
Can you perhaps enlighten me as to how to segregate departments in the Audit Process?
I have a client that has 11 departments, each with their own set of Risks, and they would like to know if they need to read through the entire Risk Treatment Plan in order to identify the Risks that are applicable to their specific Business Unit.
ISO 27001 question
We got feedback from the auditor that we need to have the document code included in all documents.
Is this mandatory based on the standard?
I have been trying to complete the 02.1_Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_Integrated_EN.
I am getting myself rather confused; previously I have maintained an integrated 9001 and 27001, so I have been thinking along those lines for these interested parties.
However, after much researching on the internet I get the idea that this time it should only be parties interested in our Information Security. Can you confirm if this is right or wrong, please?
So things like the Working Time Directive and equal opportunities laws don't need to be included?
Also, would I include things like the WEEE directive because of the disposal of data/hardware? And maintenance companies that service the data centres for equipment like air conditioning, would I include them?
ISO 27001 external audit for rest of employees
As part of the ISO 27001 external audit, and apart from the security awareness training, we would like to inquire about the topics on which the auditor will be interviewing the rest of the *** employees (the ones who are not currently set up as members of the ISMS in Conformio).
Currently, we are a bit concerned about what questions the auditor might ask employees, and some direction from you would be very useful.
ISO 27001 toolkit
Wondering if an updated toolkit will be supplied to registered users (such as me) for the upcoming 2022 version of the standard.
Also wondering if any ISO27017 and ISO27018 expansion packs are available, or at least a document matrix showing their alignment with ISO27001.
Standard Forms
Where in Conformio can I find templates? I am looking for a template to address the requirements in 27002 12.1.2.
Conformio - Managing Records kept on the basis of any document
Hello All,
We notice that there is no way for us to fully edit the Controls for record protection under "managing records kept on the basis of any document" generated in Conformio.
Currently, it only shows and limits this to a specific person, and we need to remove that. Please find an example below:
The following word cannot be removed and, as you can also notice, it is limited to a specific person rather than a group of personnel, which is what we are really aiming for.
Incident Response Plan
Is it possible to use part of the documentation generated for ISO 45001 (Occupational health and safety) to reference certain points that come up in the ISO 27001 document "17.4.1_Apendice_1_Plan de respuesta incidentes", section 4.2 "Control and eradication of an incident"?
Advisera ISO toolkit ISO27017 ISO27018
Within each document, how do we know which sections, paragraphs or sentences are designated for 27017/18? Are they marked specifically, or do customers/readers have to find them manually?