ISO 27001 & 22301 - Expert Advice Community




  • Referring to Inventory of assets from the ISMS Scope document

    Item 3.4 Resources of the ISMS Scope document says I may add a reference to the asset inventory. The asset inventory is performed once the scope of the ISMS is defined, so how could I add a reference to that document?
  • Weekly status report for management

    My CIO is expecting me to generate a weekly status report, but I am uncertain what to provide since I do not have a step-by-step procedure. I know you said your documents are in order, but it seems that there is a lot more work that needs to be done outside of completing your documents? Any additional guidance would be appreciated.
  • Filling in the inventory of assets

    When do I do the inventory of information assets? Prior to the risk assessment?
  • Exclusion of security controls in Statement of Applicability

    How many security controls can be excluded in the SoA if we want to implement them at a later stage, and what can be the exclusion justification for that?
  • How to define criticality?

    Based on the results of the BIA questionnaire, how can I define the criticality of my business process?
  • Enterprise Branch Certification

    Dear Friends, A foreign company branch needs to get certified. The branch assets are mostly controlled by the overseas company. Even some servers and routers are controlled by the HQ IT department. They need to get 27001. The main company has an ISMS, but the branch is semi-controlled, semi-independent. How should the documentation be? Should we get the main company documentation into the branch docs too? I am seriously confused :) I hope you guys can guide me out. Thanks to everyone for their interest.
  • BIA Questionnaire and the RTO

    Where in the BIA questionnaire can I put the RTO? I see only an option (item 6) to put the MAO.
  • Minimum documents for business impact analysis

    Which are the minimum documents of your toolkit that are necessary to do a BIA?
  • The best ISO to implement for a Data Center

    What is the best ISO to implement for a Data Center, and for the IT personnel, what are the best suitable security certifications they should go after?
  • Should Physical Cable prototypes be considered as information asset

    Hi Dejan, Our company is a wire harness manufacturer for the automotive industry and we are conducting an ISO 27001 certification project. While building the Asset Register, we met some issues: we have identified prototype designs of wire harnesses (electronic and paper design information) as confidential information in the asset inventory. However, I would like to know if physical cable prototypes should be considered information assets or not. Thank you for your support.