ISO 27001 & 22301 - Expert Advice Community

  • gap analysis for ISO 27001

    How can I perform a gap analysis for ISO 27001 in the organization?
  • Encrypted Messenger app

     I program at the moment on an encrypted Messenger, which the news about AES-256 encrypted. This is open source and free of charge. Do I need an ISO 27001 certificate for this?
  • Set of assets

    In the inventory of assets, for example hardware and software, I will have many computers with the same configuration and software, and consequently many identical threats and vulnerabilities. In this case, who should be the owner of these assets, and should these assets be repeated in the risk assessment table?
  • ISO 27001 for a Data Center

     A company wants to get certified for ISO 27001:2013 for their Data Center only.  What would be the steps to achieve this?  What is the implication on the Statement of Applicability document?  Thank you in advance for your reply.
  • Software development company

    I have a question about ISO 27001. Our company is a software development company. In 14 it says it services but in 6.1.5 it says regardless of the project. My question is: in our projects (we develop the code) which have a logging screen, with respect to ISO 27001, do we need to apply secure log-on password management or event logging if as a company we had an ISO 27001?
  • Risk assessment based on processes

    How can I modify the risk assessment and treatment methodology, in order to not use asset-threat-vulnerability? Regarding risk identification: I want to identify risks using processes, departments and category of assets - not individual assets.
  • Confining a registrar to the scope that has been defined

    How does one go about confining a registrar during the audit to the scope that has been defined? I’ve experienced an auditor who seems to be attempting to expand ISMS scope beyond the internally agreed upon scope. We are limiting scope of the ISMS to the ***; nothing more – nothing less.
  • Record maintenance system

    A follow-up question? I don’t think we have a record maintenance system?! Can you give me an example of such systems? Can we use SharePoint for this?
  • Business Continuity Assessment

    Dejan, do you have any webinars that focus on conducting a Business Continuity Assessment using the ISO 22301 standard? This would be used for companies that have an existing BC Program to provide improvement opportunities to strengthen their existing program.
  • Include controls in the SOA

    In inclusion of controls in Annex A, what possibly could be the justifications if we can't find any justifications from risk assessment, legal requirement, contractual requirement or business requirement/best practice?