
ISO 27001 & 22301 - Expert Advice Community


  • Incident Log

    Who should update the incident log?
  • ISO 27001 risk assessment

    I do understand how to go with Risk Assessment. I was able to identify the assets, vulnerabilities, threats and impacts. But I couldn't understand from Methodology, how to do the qualitative and quantitative analysis in order to move forward. Please I need your comprehensive assistance regarding this issue.
  • Information asset in ISO 27001:2013

    For your information, we are now in the process of transitioning from ISO 27001:2005 to ISO 27001:2013. In the past, we did a risk assessment and treatment plan for all types of assets like hardware, software, documents, infrastructure, people. Now, in ISO 27001:2013, can I continue doing risk assessment based on the assets mentioned above? Is it OK if we exclude hardware, infrastructure, and people from the risk assessment?
  • ISMS Feasibility

    What requirements should we consider and provide before setting up an ISMS within the organization?
  • Asset Identification for Contact Centers

    In the case of a Call Center, we have access to our Client's database which has confidential information of their customers. Do we consider this as an Asset during our Risk Assessment or should we leave it to our Client's side? In the case that it is our asset, should we apply an additional layer of control?
  • ISMS Scope Document

    What would be organizational units within the scope of the ISMS?
  • Monitoring of third parties

    I am assisting my current employer with third party governance and looking to put some KPIs together for the monitoring of such third parties. I may be interested if you have any potential info for this. For example, what do we do in order to clarify that a third party is patching effectively, etc.?
  • ISO 27001 clauses applicable for Cloud Security

    With cloud computing and cloud storage being the buzzwords, I would like to know which clauses of ISO 27001 deal with this aspect for an organisation opting to use cloud services. What are the possible security concerns, and how does ISO 27001 address them?
  • Recording changes when making a transition to ISO 27001:2013

    If you are already certified according to ISO 27001:2005 and now you have a surveillance audit that plans to audit against ISO 27001:2013, my question is: do you record all the changes made to the ISMS as “improvements”? Or do you just start making changes and recording them in the relevant ‘change history’ section of each document?
  • SOA Related

    What should be the recommended structure of the SOA for a multi-location organisation? We, as a certification body, prefer that the organisation describes the applicability of relevant controls for each location. It helps us to know what controls to see at each location. Please confirm.