ISO 27001 & 22301 - Expert Advice Community

  • Incident management procedure - A.16.1.5 is a new control?

    Hi, in the standard ISO 27001:2013 and in step 10 of the transition steps document, the Incident management procedure (control A.16.1.5) is a new control which describes how to respond to different types of incidents, who is responsible for what, who must be informed, etc. But in the ISO 27001 2005 revision, information security incident management, i.e. reporting information security events and weaknesses (control A.13.1) and management of information security incidents and improvements (control A.13.2), already exists. What is the difference between scope and interfaces? Please explain the difference between both of them. Thanks
  • step2 (Interface) in transition process

    Hi, what does "interface" mean in step 2 of the transition steps to implement ISO 27001:2013? How do we define interfaces? What is the difference between scope and interfaces? We have implemented the ISO 27001 2005 revision in our organization and we have an ISMS scope policy, so we must define interfaces in the ISMS scope, but I don't know how to do it. Please guide me on this issue. Thanks
  • ISO27001 recertification to 2005 or 2013

    Hi Dejan, we are certified to ISO 27001:2005 and our certificate expires in December 2014. From the information we received, it looked like we would need to certify to the 2013 version during the recertification audit, because you can't be certified to 2005 after October 2013. However, I have recently been told that we can actually be certified to 2005 during our recertification audit in December 2014, because there is a two-year transition period once a new version of the standard is released. We can then be certified to 2013 during the surveillance audits in 2015. Can you tell me which is correct? Thanks, Mark
  • Taking into account existing controls in the risk assessment

    We are well on our way with the risk assessment at the moment. There are a lot of controls that are already in place. We have assessed the risks as if we did not have the existing controls, and then again with the controls. The question is: should we already add the existing controls to the risk assessment table, or only start considering them in the risk treatment table?
  • Linking the risk assessment with business continuity management

    I've read a lot about BCM, but up till now I can't link the risk assessment step with business continuity management. To make it clearer: what if I bypass the risk assessment step in the BCM lifecycle? What adverse effect will take place, or what will be the defect in my BCP?
  • Qualitative and/or Quantitative Risk Assessment

    Hi Dejan, I understand that we can use a qualitative or a quantitative approach to the risk assessment; can we use both in the methodology? I.e. qualitative to define consequences, and quantitative to define likelihood? Regards, ys
  • Document and Record Control Procedure for ISO 9001 and ISO 27001

    ...the local NGO has ISO 9001 in place, and I am thinking of referring the Document and Record Control Procedure to the existing ISO 9001 one. The ISO 9001 documents are not in English, but the ISMS document is in English, and ISO 9001 does not classify the information in general, whereas the ISMS will classify the information. So can I still refer the document control to the ISO 9001 "Document and Record Control Procedure"? Or do I need to establish a new documented procedure by itself?
  • Control A.6.1.5 project management in ISO 27001:2013

    We are currently busy implementing the ISO 27001 standard in our organization. Everything is going well, except that we have a question about one of the controls, which isn't quite clear to us. The control is about information security in project management (it is in Annex A, paragraph A.6.1.5). This control isn't quite clear, and we would like to ask you if you can give us some examples of it.
  • ISO 27001 certification scope - include only HQ or also the branches?

    If I want to get certified to ISO 27001 for my HQ, is it wise for me to put my branches in scope?
  • Preparing Statement of Applicability

    When performing the SoA phase, is there a minimum or maximum number of controls to select? Do you have to select controls from every section of the 35 main security categories?