ISO 27001 & 22301 - Expert Advice Community

  • Risk Treatment Plan and Risk Treatment Process

    According to this article (Risk Treatment Plan and risk treatment process - What's the difference), the risk treatment plan has to set a responsible person. Is it the same responsible person for the risk that I determined in the risk assessment table?
  • Clauses and security controls

    Your Statement of Applicability starts with A.5, but your mandatory document starts with 4.X. The mandatory one is 2013, but I am not sure the controls match up?
  • Identify Internal and External issues

    The standard requires that we identify internal and external issues that are relevant to the organization. According to ISO 31000 these factors could be cultural, political, financial, etc. But which of these factors do I have to collect, and how can they influence information security?
  • How to write ISO 27001 risk assessment methodology

    Many thanks for your mail. I tried the first document template I ordered and I like it. I will try to convince my boss to buy the rest next week. We just started our project for implementing ISO 27001 in our company.
  • Checklist

    According to the checklist given in these documents, a few templates seem to be missing.
  • Control Effectiveness Report

    Last year we had a surveillance audit under the 2005 standard, and at one point our auditor asked for a Control Effectiveness Report. I was dumbfounded; I had no idea what he was talking about. Have you heard of a report like this before, measuring the effectiveness of each control or control group? Do you have any recommendations on how we could achieve such a report?
  • Time out and timed session

    I was wondering if you could clear up a question for me. I have a client that says that, for the users of their cloud-based application, they need both an inactivity time-out and a timed session time-out to be compliant. Can you shed any light on this, as it's hard to determine what is actually required as opposed to recommended?
  • Clause vs related control or vice-versa

    Is it possible for you to provide me with a guide on the above subject? Basically, a table or an Excel file mapping clauses vs. controls for ISO 27001:2013. Does such a thing exist?
  • Asset list and Certification Audit

    Should we share our asset list with them to ensure there are no duplicates across our asset lists? Then they go ahead with the audit of assets on their list (i.e. the assets they manage and operate) and we continue with the surveillance audit of our asset list (i.e. the assets we manage and operate). This means we don't have to undergo the end-of-year audit twice, including all the documentation, records, controls implementation, etc. In other words, we as System Owners (of the customer's systems, where the customer is the data and business owner) continue to be responsible for compliance.
  • Nomenclature recommended for control of the documentation

    I was wondering about the nomenclature recommended for taking control of the documentation. Do you recommend any codification or coding scheme to implement in any project?