What requirements should we consider and provide before setting up an ISMS within the organization?
Asset Identification for Contact Centers
In the case of a Call Center, we have access to our Client's database which has confidential information of their customers. Do we consider this as an Asset during our Risk Assessment or should we leave it to our Client's side?
In the case that it is our asset, should we apply an additional layer of control?
ISMS Scope Document
What would be organizational units within the scope of the ISMS?
Monitoring of third parties
I am assisting my current employer with third party governance and looking to put some KPIs together for the monitoring of such third parties. I may be interested if you have any potential info on this. For example, what do we do in order to verify that a third party is patching effectively, etc.?
ISO 27001 clauses applicable for Cloud Security
With Cloud Computing and Cloud storage being the buzz words, I would like to know which clauses of ISO 27001 deal with this aspect for an organisation opting to use Cloud services.
What are the possible security concerns, and how does ISO 27001 address them?
Recording changes when making a transition to ISO 27001:2013
If you are already certified according to ISO 27001:2005 and now you have a surveillance audit that plans to audit against ISO 27001:2013, my question is: do you record all the changes made to the ISMS as improvements, or do you just start making changes and record them in the relevant change history section of each document?
SOA Related
What should be the recommended structure of the SOA for a multi-location organisation? We, as a certification body, prefer that the organisation describes the applicability of relevant controls for each location. It helps us to know what controls to see at each location. Please confirm.
Difference between contingency, recovery and response plans?
I have made BC Plans for different departments. Then I made the generic plans for terrorism, fire and pandemics. Should the format be different, and what's the difference between contingency, recovery and response plans?
ISO27001:2013 - 6.1.3 c) - verifying that no controls have been left out
I have a question about section 6.1.3 of the ISO 27001:2013 standard. I have successfully completed the selection of controls for each risk in the organisation, but this section of the standard mentions verifying that no controls have been left out for any given risk.
Implementation guidance ISO 27002
I guess this is a basic question, but I would like to know your opinion about it. Is the implementation guidance for controls described in ISO 27002 mandatory or, as the name indicates, only a guide?