Is equipment in data center to be considered as assets or controls?
I got a question in relation to Information Security. If you own your own data centre, would you consider data centre controls such as fire suppression system, UPS, power generators, humidity controls as assets (for the purpose of risk assessment)? Or would you consider them as controls implemented to mitigate risk of system availability due to fire, power outage?
Definition of asset in ISO/IEC 27000:2014
I just realized that there is no longer a definition of asset in ISO/IEC 27000:2014. Could you please tell me why?
Asset owner for the personnel
Who would be the proprietor of the asset "personnel"? I have identified "personnel" as a critical asset within my ISMS, but I don't know who would be the proprietor of this asset.
Does the Impact Reduce When applying Controls
Relocating to less storm prone area.
Information security policy vs. Acceptable use policy
What is the big difference between the Information Security Policy and the Acceptable Use Policy?
Licensed software in ISO 27001
I have one question to ask you: does ISO27001 say that we need to use licensed versions instead of pirated (cracked) ones? Please confirm the same.
Information and Classification Policy
While we were writing this policy we came up with the solution to have a three-level classification - client confidential, business confidential and public.
Policy Version Control
Hi,
Our organization is ISO 9001 & 27001 certified.
Two years ago we implemented the incident management policy; the policy version number is (Ver 1.0). Last year, as per the management's direction, the information security incident management policy was migrated with the QMS policy. Owing to this, the information security incident management policy was obsoleted.
In the current financial year the QMS incident management policy is not effective, hence the management decided that the information security incident management should be brought back to life.
Please guide us: what version can I give the policy, because the existing one is already obsoleted? Can I now start the version number from the beginning, or can I follow the old version number?
Whether you suggest following the old version number or a new version number, please provide a valid reason for the same. We can communicate it to the management.
Thanks in advance.
G Thanikachalam
Difference between clauses 5.1.e and 6.1.1.a of ISO 27001:2013
In the ISO/IEC 27001:2013 standard, do you see any difference between Section 5.1.e and Section 6.1.1.a, or are both the same?
Interpretation of A.14.2 : Security in development and support processes
Some BPO (call center) companies exclude all controls of A.14.2 thinking that this set of controls is only for software development organizations. I am of the opinion that development is applicable to design of services and solutions in non-software service organizations too.
Which view is correct?