ISO 27001 & 22301 - Expert Advice Community


  • Business Continuity Question

    I was wondering if the Business Continuity Disaster Recovery plan can function as an Availability policy as well. This is to comply with SOC 2.
  • Need guidance on IT Sec

    Recently I got new responsibilities as CISO, but I'm not very aware of what it involves. Can you guide me on how to be a CISO? How should I start, and with which beginner certifications? Are there any online classes for it?
  • Do we need to document each control?

    I have a question on the mandatory documents; does this mean that, even if in the risk assessment step or while building our SOA we find any controls that are applicable to our company, we do not necessarily have to document them? Or are these mandatory documents a complement to the documents you create from the risk assessment and SOA?
  • Why write policies before the risk assessment

    I am still not sure why/how we could 'set the Policies' (2nd step, the 1st being the 'scope') first before performing a formal risk assessment. Would you be able to clarify it for me please?
  • Enterprise risk management and ISO 27001

    1. The revised standard refers to ISO 31000 to conduct the risk assessment, which means taking the risk assessment from an enterprise perspective rather than an asset-based one. Further, if we go asset-based, we might not identify the enterprise-level security risks in a macro view or top-down risks, e.g. reputational, image, loss of competitiveness, loss of strategic opportunities, etc.
  • Merging internal audit and information security officer function

    Can I appoint the head of my internal control department as ISO and he would also monitor the internal audit team?
  • Design compliance plan for internal use

    I am in the process of designing a compliance plan for internal use. I've built the audit calendar and listed the areas to be audited quarterly.
  • Regarding Security Framework

    I am doing the security framework for my company. I would like to know what are all the sections I have to include in it, and tell me what the difference is between the security plan and the framework, and then between the risk treatment plan and the security plan.
  • Confidentiality, integrity and availability in the risk assessment

    During previous audits to 2005 the auditor insisted on a risk number against the C, I, and A considerations. I noticed in your 2013 training you talk about considering CIA but not actually recording this.
  • ISO 22301 certification

    Which organisation provides accreditation for ISO 22301? For instance we have UKAS for ISO 9000. We want to be certified and would like to know the name of the certification body.