ISO 27001 & 22301 - Expert Advice Community

  • Linking the risk assessment with business continuity management

    I've read a lot about BCM, but up till now I can't link the risk assessment step with business continuity management. To make it clearer: what if I bypass the risk assessment step in the BCM lifecycle, what adverse effect will take place, or what will be the defect in my BCP?
  • Qualitative and/or Quantitative Risk Assessment

    Hi Dejan, I understand that we can use a qualitative or quantitative approach to the risk assessment; can we use both in the methodology, i.e. qualitative to define consequences and quantitative to define likelihood? Regards, ys
  • Document and Record Control Procedure for ISO 9001 and ISO 27001

    ...the local NGO has ISO 9001 in place and I am thinking of referring the Document and Record Control Procedure to the existing ISO 9001. The ISO 9001 documents are not in English, but the ISMS document is in English, and ISO 9001 does not classify the information in general but the ISMS will classify the information, so can I still refer the document control to the ISO 9001 "Document and Record Control Procedure"? Or do I need to establish a new documented procedure by itself?
  • Control A.6.1.5 project management in ISO 27001:2013

    We are currently busy with implementing the ISO 27001 standard in our organization. Everything is going well, except we have a question about one of the controls, which isn't quite clear to us. The control is about information security in project management (it is in Annex A, paragraph A.6.1.5). This control isn't quite clear, and we would like to ask you if you can give us some examples of it.
  • ISO 27001 certification scope - include only HQ or also the branches?

    If I want to get certified to ISO 27001 for my HQ, is it wise for me to put my branches in scope?
  • Preparing Statement of Applicability

    When performing the SOA phase, is there a minimum or maximum number of controls to select? Do you have to select controls from every section of the 35 main security categories?
  • How much of Partial scope is permitted?

    In the context where the "Organisation" is a part of a larger organisation, there are a few clarifications needed: 1. e.g. a Data Centre within an Engg. Organisation. A large number of PCs are connected to the Data Centre. The Data Centre hosts all the servers and the applications for an ERP. The application is used by a large number of client PCs located within the same premises or outside on leased lines (private network), or maybe even on the internet through HTTPS. Scenario 1: Browser-based access on the client PC. Scenario 2: Agent loaded on each PC; only then can you access the application. Scenario 3: The IT dept. is responsible for pushing the OS updates, application updates and virus updates at the client end, as well as monitoring the various other software running on the PCs available in the company (that is, their role is not for the DC only but maintenance of all the PCs in the company). Scenario 4: The larger Engg. company has 3 different depts.: one which runs the DC; a 2nd which provides the connectivity to various users / groups of users within the same premises or across various locations in the country and outside. The levels of such users outside the physical premises of the company may vary from e.g. a regional office (with say 50 users each) to a sales office (with say only one or a few PCs). 2. While the IT dept. is responsible for the maintenance of the complete IT infra., including the DC and the client workstations, they want the scope to be restricted to the DC only, excluding the network (LAN/WAN support). Is it allowed? 3. While the scope is partial and is primarily restricted to IT services, the key decision makers and resource providers are outside the IT dept., e.g. the CEO of the organisation, Financial Head, HR Head, Security Head, Utilities Head etc. 4. Is it true that the ISMS Scope and the Certification Scope may be different, that too when the organisation is part of a larger company?
In this case, the role of a certification auditor will be confined to seeing the ISMS within their scope of certification. Who will the external parties be (outside the scope of certification or outside the scope of the ISMS as defined by the organisation)?
  • Is the computerized machinery considered to be an asset

    I work in manufacturing and want to know if the machines that manufacture with computers are considered information assets, and what you think about their treatment.
  • Assets dependence

    Hello friends, a question: how do you handle asset dependence in your asset inventory? How do you handle this: "Asset valuation is a key factor in the impact assessment of an incident scenario, because the incident may affect more than one asset (e.g. dependent assets), or only a part of an asset." Thank you for your help. Best regards
  • Using risks instead of threats

    I think in the 27001:2013 version we are not using the word threats, we are using risk instead of threats; kindly correct me if I'm wrong.