ISO 27001 & 22301 - Expert Advice Community

  • SOA Related

    What should be the recommended structure of SOA for a multi-location organisation? We, as a certification body, prefer that the organisation describes the applicability of relevant controls for each location. It helps us to know what controls to see at each location. Please confirm.
  • Difference between contingency, recovery and response plans?

    I have made BC plans for different departments. Then I made the generic plans for terrorism, fire and pandemics. Should the format be different, and what's the difference between contingency, recovery and response plans?
  • ISO27001:2013 - 6.1.3 c) - verifying that no controls have been left out

    I have a question about section 6.1.3 of the ISO 27001:2013 standard.  I have successfully completed the selection of controls for each risk in the organisation but this section of the standard mentions verifying that no controls have been left out for any given risk.
  • Implementation guidance ISO 27002

    I guess this is a basic question, but I would like to know your opinion about it. Are the implementation guidance of controls described in ISO 27002 mandatory or, as the name indicates, only a guide?
  • Is equipment in data center to be considered as assets or controls?

    I got a question in relation to Information Security. If you own your own data centre, would you consider data centre controls such as fire suppression system, UPS, power generators, humidity controls as assets (for the purpose of risk assessment)? Or would you consider them as controls implemented to mitigate risk of system availability due to fire, power outage ?
  • Definition of asset in ISO/IEC 27000:2014

    I just realized that there is no longer definition of asset in ISO/IEC 27000:2014. Could you please tell me why?
  • Asset owner for the personnel

    Who would be the proprietary of the asset "personal"? I have identified "personal" as a critical asset within my ISMS, but I don't know who would be the proprietary of this asset.
  • Does the Impact Reduce When applying Controls

    Relocating to less storm prone area.
  • Information security policy vs. Acceptable use policy

    What is the big difference between the Information Security Policy and the Acceptable Use Policy?
  • Licensed software in ISO 27001

    I have one question to ask you: does ISO27001 say that we need to use all licensed versions instead of pirated (cracked) ones? Please confirm the same.