ISO 27001 & 22301 - Expert Advice Community


  • Documentation control

     I have one question regarding the procedure of documentation control (7.5). This document defines how to handle documents which are produced within the ISMS, such as the BYOD Policy or Risk Assessment Methodology, but what about documents which are in the company anyway? I am talking not only about policies which were issued long before the implementation process even started or documents which you would actually include as Assets. I am thinking of stuff like contracts, mail, e-mail... Does the documentation control procedure apply to those as well?
  • ISO 27001 Lead Auditor Exam

     Can you provide a sample question for ISO 27001 Lead Auditor Exam?
  • Validity of personal ISO 27001 Lead Auditor certificate

     Regarding a certification - Information Security Management Systems Auditor / Leader Auditor Training Course (ISO 27001:2005) obtained by a person in July 2009, we need to know about its validity: how long is this certification valid?
  • Training

    What are the guidelines for designing proper training?
  • ISO 27001 and ISO 27002

     Never applied a standard before. What is easiest, and why is ISO 27002 not audited - how do you get it if not audited?
  • Objectives

     In which document should we discuss the IS Objectives and the Plan to achieve them?
  • Scope definition

     I have found a tendency to define the IT area as the scope. In this regard, beyond the example you used concerning areas whose services are used by the IT area, I believe there is the problem that IT provides service to the whole organization. As a result, the information it processes and stores belongs to the rest of the organization's areas. In fact, the information owners are the business areas and IT is only the custodian. How can the IT area ensure that it has control over, e.g., the integrity of the information, if it cannot control how that information is entered into the systems?
  • Qualitative and quantitative risk assessment

     It has been a while, hope you are fine. Is it allowed to perform both qualitative and quantitative risk assessment when implementing ISMS?
  • ISMS for a Manufacturing Unit

     I have been following your webinars; it's been very helpful to me. I am now doing my internship, in which I am supposed to audit a Manufacturing sector. Kindly provide me your input on how to approach ISMS for a Manufacturing Unit and how risk assessment can be done. Please help me with weblinks, documents and templates related to this study.
  • Controls in Risk Treatment Plan

    Hi friends, I have a doubt: if in the risk assessment I identified that the organization already implemented a control of ISO 27002, is it necessary to include that control in the Risk Treatment Plan? Thank you. Best regards