ISO 27001 & 22301 - Expert Advice Community

  • Design compliance plan for internal use

    I am in the process of designing a compliance plan for internal use. I've built the audit calendar and listed the areas to be audited quarterly.
  • Regarding Security Framework

    I am doing the security framework for my company. I would like to know what are all the sections I have to include, and tell me what the difference is between the security plan and the framework, and then between the risk treatment plan and the security plan.
  • Confidentiality, integrity and availability in the risk assessment

    During previous audits to 2005 the auditor has insisted on a risk number against the C, I, and A consideration. I noticed in your 2013 training you talk about considering CIA but not actually recording this.
  • ISO 22301 certification

    Which organisation provides accreditation for ISO 22301? For instance we have UKAS for ISO 9000. We want to be certified and would like to know the name of the certification body.
  • Status of controls

    Is there a need to reflect the status of all controls in the ISMS Manual? The purpose is that it will give auditors an idea of control status at the first document review itself.
  • A clarification on risk assessment/ treatment

    ISO 27001:2013 aligns its risk assessment & treatment with ISO 31000 (see clause 6.1.3), but ISO 27002:2013, clause 0.2, says such guidelines are provided by ISO 27005. Which one should be followed?
  • Interpreting the control A.8.1.1
  • What is cybersecurity?

    I do not understand what the small exact difference is between cyber security and information security.
  • ISO 22301 Implementation

    How do we implement ISO 22301 within a company without ISO 27001? What are the challenges or hurdles that we might face? We currently have basic BC/CM planning. Thanks.
  • Asset Identification

    ISO 27005:2011 Annex B Section 1.2 describes a process for asset identification that classifies primary and secondary assets, which seems to be in contradiction to the Risk Assessment Categories that are in the 27001 Academy templates. I have been working to identify assets using the ISO 27005 methodology, which focuses the primary assets on information assets rather than the secondary assets, which are more people and equipment based, which is how the template categories are defined. I think the primary information assets approach works well for my company, as we are a software product company where the assets we have to secure are more centred around software, source code and customer data rather than the physical equipment. My question is: having identified and assessed the primary information assets, do I simply continue and assess the threats and vulnerabilities related to the secondary assets, or is it sufficient to assess the primary assets, with the implication that the secondary assets will be covered by the primary assets? Thanks, William Owen