ISO 27001 & 22301 - Expert Advice Community

  • How to select appropriate controls from Annex A

    It's tricky to fill out Risk Treatment - how to remember all 133 controls and select the appropriate ones?
  • Asset inventory issues

    Hello Dejan, I wish you a happy and healthy new year! I have a question in regards to some assets in the asset inventory. We have Confidential waste bins, shredders and Lockable filing cabinets as assets; however, we think that they are more controls to protect documents than Assets to be protected. For Lockable filing cabinets, it could be related to the control 11.3.3 Clear desk and clear screen policy. For Shredders and Confidential waste bins, they could be related to the control 10.7.2 Disposal of media. What do you think about this approach?
  • ISO 27001 - frequency of recertification

    Once certified for ISO 27001, how frequent does a recertification have to take place?
  • Expenses in BIA Questionnaire

    In your BIA Questionnaire, expenses are covered twice - Part 1 - Additional expenses (repairs, maintenance, etc.) and Part 2 - Working Capital (WC). Understand how WC can be applied but can you provide more information on the 'additional expenses'?
  • How to link risk assessment to Statement of Applicability

    Many thanks for a very good webinar. One question came to mind after the webinar…once you have done your risk assessment and have a solid table listing your risk and their significance how do you then link that to the SOA and pick the controls you want?
  • Questions regarding the ISMS scope document

    If I am getting ISO 27001 certification for a project within an organisation, what should I put under Section 3.2 Organisational Units? Also, for Section 3.4 Networks and IT Infrastructure, can I say that "Only the assets that belong to the project are included in the scope"?
  • Minimum Business Continuity Objectives and its connection to the work load in th

    We need some clarification as it relates to the Minimum Business Continuity Objectives and its connection to the work load in the peak periods. We normally develop our BC Plans and recovery strategy based on minimum numbers i.e. minimum staff Req’d to recover operations immediately after the disruptive event. The BIA questionnaire is suggesting that we build the MBCO on the peak period numbers – transaction and resources – which is opposite to what we do…
  • Is ISO 27001:2013 based on PDCA cycle?

    I have one doubt in ISO 27001. Is ISO 27001:2013 based on PDCA cycle? If not what is the new approach.
  • Mobile code - the control reference is A10.4.2

    Please can you define the term mobile code - the control reference is A10.4.2.
  • Required tools for ISO 27001

    I am working in the ISO 27001 certification project, which has started recently. In addition, we started a PCI-DSS project earlier, and at the middle stage of that, higher management would like to know the estimated cost for purchasing different monitoring and assessment tools for both PCI-DSS and ISO 27001, and would not invest further for ISO 27001 requirements only at a later stage. In this situation I have been asked for a list of needed tools for ISO 27001 and I am preparing the list (e.g. Network Monitoring, Availability, Vulnerability; Database Activity Monitoring, Status; System Users Activity; Log Management; Change Management, etc.). Could you please help me in this regard to figure out all the needed software/tools for assuring the highest level of security, monitoring and assessment/analysis?