ISO 27001 & 22301 - Expert Advice Community

  • Status of controls

    Is there a need to reflect the status of all controls in the ISMS Manual? The purpose is that it will give an idea of control status to auditors at the first document review itself.
  • A clarification on risk assessment/treatment

    ISO 27001:2013 aligns its risk assessment & treatment with ISO 31000 (see clause 6.1.3) but ISO 27002:2013, clause 0.2 says such guidelines are provided by ISO 27005. Which one should be followed?
  • What is cybersecurity? Interpreting the control A.8.1.1

    I do not understand what the small exact difference is between cyber security and information security.
  • ISO 22301 Implementation

    How do we implement ISO 22301 within a company without ISO 27001? What are the challenges or hurdles that we might face? We currently have basic BC/CM planning. Thanks.
  • Asset Identification

    ISO 27005:2011 Annex B Section 1.2 describes a process for asset identification that classifies primary and secondary assets, which seems to be in contradiction to the Risk Assessment Categories that are in the 27001 Academy templates. I have been working to identify assets using the ISO 27005 methodology, which focuses the primary assets on information assets rather than the secondary assets, which are more people and equipment based, which is how the template categories are defined. I think the primary information assets approach works well for my company as we are a software product company where the assets we have to secure are more centered around software, source code and customer data rather than the physical equipment. My question is: having identified and assessed the primary information assets, do I simply continue and assess the threats and vulnerabilities related to the secondary assets, or is it sufficient to assess the primary assets, with the implication that the secondary assets will be covered by the primary assets? Thanks, William Owen
  • Regarding NC

    I have one doubt about the ISO 27001 certification audit. They are giving nonconformities and observations. Are the NCs and observations given on the basis of 27001 or 27002 or both?
  • Regarding "information security objectives and planning to achieve them"

    There is a requirement to document information security objectives and a plan to achieve them.
  • ISO 27001-2013 - Amended Version

    "Yesterday we received an amended ISO 27001-2013 showing an amendment to Annex A A.8.1.1
  • BIA MTPD Calculation

    Hello Dejan, Would you be able to tell me where I go again to review the online video of how to fill out the BIA template? I watched it some time ago but had to put things aside for a while and now I am back at it again. I seem to be stuck on the BIA report trying to determine how to come up with the MTPD. Thanks, Luc