ISO 27001 & 22301 - Expert Advice Community




  • Questions regarding the ISMS scope document

    If I am getting ISO 27001 certification for a project within an organisation, what should I put under Section 3.2 Organisational Units? Also, for Section 3.4 Networks and IT Infrastructure, can I say that "Only the assets that belong to the project are included in the scope"?
  • Minimum Business Continuity Objectives and its connection to the workload in the peak periods

    We need some clarification as it relates to the Minimum Business Continuity Objectives and its connection to the workload in the peak periods. We normally develop our BC Plans and recovery strategy based on minimum numbers, i.e. the minimum staff required to recover operations immediately after the disruptive event. The BIA questionnaire is suggesting that we build the MBCO on the peak period numbers (transactions and resources), which is the opposite of what we do…
  • Is ISO 27001:2013 based on PDCA cycle?

    I have one doubt about ISO 27001. Is ISO 27001:2013 based on the PDCA cycle? If not, what is the new approach?
  • Mobile code - the control reference is A10.4.2

    Please can you define the term "mobile code"? The control reference is A10.4.2.
  • Required tools for ISO 27001

    I am working on an ISO 27001 certification project which started recently. In addition, we started a PCI-DSS project earlier, and in the middle stage of that, higher management would like to know the estimated cost of purchasing the different monitoring and assessment tools for both PCI-DSS and ISO 27001, and would not invest further for ISO 27001 requirements only at a later stage. In this situation I have asked for a list of the tools needed for ISO 27001, and I am preparing the list (e.g. network monitoring, availability, vulnerability; database activity monitoring, status; system user activity; log management; change management, etc.). Could you please help me in this regard to figure out all the software/tools needed for assuring the highest level of security, monitoring and assessment/analysis?
  • Upgrades to Documentation Set

    Hi Dejan and team, I purchased the ISO 27001 document set a while ago. Am I entitled to a discounted upgrade to the new 2013 templates? This is presuming that you have updated the templates.
  • Which is first - BIA or risk assessment?

    I've got a question about the order of BIA and RIA: what is the correct order? In DRII it is the RIA process and then BIA, but I had read in other organizations that it is BIA first and then RIA.
  • Address change after certification

    Dear Dejan, what if a company gets the certification and relocates after two months? Do we have to be inspected again, or is just paperwork enough? And my second question is about a server room: I advised my client to have a digital lock for the server room, but they are planning to move in 3 months. Is it OK if the IT manager keeps the server room key and keeps logs and signatures for key use?
  • Corporate information security policy

    If there is a corporate information security policy, what sort of information should be added into this policy so that it can comply with the 2013 ISO standard?
  • Excluding secure development from Statement of Applicability

    We don't have any development activities in our org, so secure development is not applicable and a secure development policy is accordingly not needed. So what should I put in the SoA as existing controls for control number