ISO 27001 & 22301 - Expert Advice Community

  • Toolkit questions

    I have many questions. First one: why did the implementation toolkit not contain the folder for A5 and the folder for A18 in folder 08 for Annex A? Second question: while I browsed your website I found the document named checklist of ISO 27001 mandatory documentation. I am confused, and I have a question regarding this document and the documentation I should deliver to the certification auditor. My question is: do I have to submit this document to the certification auditor? Third question: what is the difference between this document and the implementation toolkit, which contains folders from 00 to 12?
  • Security Management System

    In implementing the Information Security Management System, I am in the risk and vulnerability analysis phase, and I would like to see if you can give me some advice and guidelines.
  • Assets management

    Good evening, I have doubts regarding asset management. I see that the purchased package does not include reference procedures for the management itself; it only includes an asset classification policy and an inventory. Would you have an example of them, and could you clarify whether a procedure is necessary for the management of assets and information assets?
  • New implementation: ISO 27001:2013 + ISO 27002:2022

    Hi ISO people. I'm in the middle of an ISO 27001:2013 implementation. I'm just finishing chapter 9. Now I've read ISO 27002:2022 and I would like to implement the new controls instead of the Annex from ISO 27001:2013. Will that get me in trouble if I write that we've decided to use the new set of controls and excluded the Annex from 2013 completely?
  • Detailed explanation of 11 new security controls in ISO 27001:2022

    As regards the below, related to the content of the email (article: https://advisera.com/27001academy/explanation-of-11-new-iso-27001-2022-controls/): https://i.imgur.com/Qes2KfG.png Silly question: if other areas of ISO 27001 are not mandatory, can we exclude these as well? Or can we only exclude security controls if not mandatory or covered by legal/regulatory/contractual requirements?
  • ISMS 27001 processes

    I am in the process of setting up the ISMS with your toolkit. What I miss (or haven't found) are the processes (structure) for change management or patch management, as well as the subdivision into management, core and support processes. This is required for the process landscape.
  • Conformio expert questions

    1. In the Project Plan document under section 3.4.3. the document is referencing a project team, however later on the title of the table is "Participants in the project". There is an inconsistency in the understanding of who are the members of the project team as there can be more participants in the project than the team members, especially if it is a larger company. Can you please clarify this section for me in this document?

    2. We are a very small company and we do not have a Head of IT department, but only the Senior IT technician and two IT support guys. In Conformio I can only define one IT support job title for one of the guys, but I cannot give the same job title to the second IT support person even though both of them have the same job title in our company. Can you explain why this is so?

    3. We want to declare all printed documents as unreliable and therefore uncontrolled, but we were not able to find a way to do that in the Procedure for document and record control. Can you advise how we can add this statement in this document or where we can add this statement?
  • Risk Register Team work question

    I have one more question. I am preparing a review of mandatory documents for our ISO certification and I am using the Advisera checklist to make sure we comply.

    I have noticed that the checklist is slightly different to the steps I'm working on in Conformio. Would you please be so kind and let me know, where can I find documents marked in red in the screenshot below? Thank you in advance!

    Documents I can prepare in Conformio: https://i.imgur.com/dddfECG.png

    Documents listed as mandatory, red dots highlight the ones I am unsure where to find them.
    https://i.imgur.com/lgFtGY1.png

  • ISO 27001 A.8.1.1 Asset Inventory

    Please, in building an asset record for IT assets like servers and network devices, what is acceptable as a unique identifier to uniquely identify assets in a manner that cannot be easily manipulated? Thanks
