ISO 27001 & 22301 - Expert Advice Community

  • Policy Version Control

    Hi, our organization is ISO 9001 & 27001 certified. Two years ago we implemented the incident management policy; the policy version number is (Ver 1.0). Last year, as per the management direction, the information security incident management policy was migrated with the QMS policy. Owing to this, the information security incident management policy was obsoleted. In the current financial year the QMS incident management policy is not effective, hence the management decided that the information security incident management policy be brought back to life. Please guide us: what version can I give the policy? Because the existing one is already obsoleted. Can I now give the version number from the start, or can I follow the old version number? If you suggest following the old version number or a new version number, provide the valid reason for the same, so we can communicate it to the management. Thanks in advance. G Thanikachalam
  • Difference between clauses 5.1.e and 6.1.1.a of ISO 27001:2013

    In the ISO/IEC 27001:2013 standard, do you see any difference between Section 5.1.e and Section 6.1.1.a, or are both the same?
  • Interpretation of A.14.2 : Security in development and support processes

    Some BPO (call center) companies exclude all controls of A.14.2, thinking that this set of controls is only for software development organizations. I am of the opinion that development is applicable to design of services and solutions in non-software service organizations too. Which view is correct?
  • ISO 27001 Implementation

    My question is: what are the lessons learned/key insights/war stories/top tips/key dos and don'ts when implementing ISO 27001?
  • A question about asset inventory

    I understand the asset inventory is a mandatory document for an ISMS based on 27001:2013. My doubt is: should this inventory be formalized and signed for the High Management?
  • Taking into account the existing controls during the risk assessment

    I have a quick question regarding the risk assessment template that I got from you. During the assessment, where I assess the impact and likelihood, do I take into account the existing controls that I already have? If yes, then in the column "existing control" do I fill in in accordance with ISO 27002 controls? Please advise.
  • Certificate validation

    Our company got an ISO 27001:2005 certificate in *** from CIS company. I don't know whether that certificate is valid on the ISO website (iso.org) or not. How can I check ISO certificate validation for my company or my country?
  • Difference in business continuity in 27001:2005 and 27001:2013

    What is the difference with regard to business continuity in 27001:2005 and 27001:2013 in Annex A? Many organizations think that if they implemented 27001, they also implemented 22301.
  • Information Asset: Business Applications and their Scope

    We are planning to implement ISO 27001 and the scope is our Data Center and IT department
  • Business Continuity Plan Template

    Hello, we have multiple IT projects in operations. I would like to know whether the business continuity plan template would be a single document to cover all projects, or would it be a document per project. Secondly, how would the 1) Incident Response Plan and 2) Activity Recovery Plan be against each project (single document or unique per project)? And lastly, where would the detailed disaster recovery steps of the IT data center infrastructure go? These are the steps that will be executed by the system, network and database admins to recover the IT setup. Thanks.