ISO 27001 & 22301 - Expert Advice Community

  • Do I have to purchase ISO standard for the certification?

    Do I have to purchase the ISO Code of Practice to show the auditor at stage 1, or the requirements document?
  • Which documentation to show to certification auditor

    I would like to check with you: if we show all mandatory documents to the auditor, is it okay, or do we have to show all documents as mentioned in the toolkit?
  • Risk assessment and controls

    For risk assessment, if I identify the threat and vulnerability but I have already applied a control, do I have to mention that risk? Example: asset (server), threat (no electricity), vulnerability (no UPS), but I already have a UPS, so do I have to add that record in the assessment table and put the likelihood "low"? Or will I not add it because there is no vulnerability?
  • Business continuity plan

    My manager asked me to build a Business continuity plan to ensure the continuity of the business "in the primary location", because the incident could be solved in that location with no need to switch to another location, by clustering or restoration, and another document, the "disaster recovery plan", to ensure the continuity of the business at the alternative site after the disaster. But the templates are all about disasters. How can I build the first document, which will ensure business continuity in the primary location in the cases where the alternative site is not needed?
  • Making mistakes in documents because of an auditor

    One of my colleagues also told me to make some mistakes in the documents so the auditor should pick them up; if everything is perfect, the inspector doesn't expect that everything should be fine. Please suggest.
  • Procedure for document and Record control

    Question about Section 4 "Documents of external origin": What types of documents would this include? I am having a difficult time trying to think of why this would need to be in the procedure. Does this include parcels? If so, what type of parcels would this apply to?
  • Records of Management Decisions

    Several flow charts published reference the Records of Management Decisions as a required document. This same document looks to be a deliverable early in the implementation process. Do you have an example of this document, or can you share what it would contain so early in the process?
  • Risk register vs. risk treatment table

    Is the risk treatment table considered a risk register? Or is the risk register something else?
  • Risk Assessment Table

    This is in reference to the Appendix_1_Risk_Assessment_Table_EN spreadsheet. In preparation for filling in the Risk Assessment Table, I recognized that a particular asset, say a "laptop", could have more than one threat, and for any given threat there could be more than one vulnerability. How do you account for these multiple possibilities with each asset? The combinations seem like there could be many.
  • Specifying excluded controls as exclusions in the ISMS Scope document

    In paragraph 3.5 Exclusions of the ISMS scope document should not go further excluded controls?