ISO 27001 & 22301 - Expert Advice Community

  • List of legal, regulatory and contractual requirements

    Should the list of legal, regulatory and contractual requirements cover the whole organization or just the security function? Or IT and security?
  • Risk identification

    Hello, when identifying risks, do we have to take into account those risks that are obvious and already solved? For example: - an electricity cut, if the organization already has a generator that starts automatically? - disk backup, if it runs automatically? - an internet cut, if we have two providers and switch to the other one when one has problems?
  • Steering committees for a smaller company

    Is it OK to combine the ISMC (information security management committee) with the ITSC (IT steering committee) in one document, as the company is small?
  • 7.2.2 Labeling and handling

    Dear Dejan, do the documents and the assets (laptops, printers, faxes, etc.) have to be labeled physically? I mean, do I have to print a label and stick it on the assets to show that they are confidential? Thank you so much for your guidance.
  • Criteria of IT company ISO certification

    Can you tell me the criteria for ISO certification of an IT company?
  • General impacts

    Hello Dejan, do the perspectives (reputation, client's reaction, backlog, etc.) in the BIA questionnaire (section 3) have the same weight? I mean, let's suppose that I have a high impact at 4 hours for "How difficult will it be to catch up on the backlog of work", but for the others I have only marginal or acceptable impact. Is that enough to identify the MTPD?
  • RTO for IT System

    Hello Dejan, if I have a system (e.g. SAP) that supports two processes with different RTOs, how can I define which RTO is applicable to my system? Do I need to identify the criticality of my processes first?
  • ISO training evidence

    Are there any templates for the ISO training evidence which we have to show to the auditor in stage 2?
  • Query pertinent to mapping controls of the revised standard to the old standard

    Hi, I have a query pertinent to mapping a few controls of the revised standard to the old standard. On reading the relevant sections, I find that: #9.2.3 Management of privileged access rights does NOT appropriately map to #11.2.3 User password management, as given in the mapping document of the revised standard. The two sections are not in sync to be mapped on a one-to-one basis. #9.2.4 Management of secret authentication information of users does NOT appropriately map to #11.2.4 Review of user access rights, as given in the mapping document of the revised standard. Again, the two sections are not in sync to be mapped on a one-to-one basis. Please help me clarify my understanding.
  • Will ISO 22301 become more important with the transition to ISO 27001:2013?

    I would be interested in people's views on this, as it seems that 27001:2013 has watered down the controls for BC and DR and therefore may not meet some organisations' requirements in these areas.