I have many questions
Are the document templates included in the documentation toolkit all the documents I should write and implement?
I am confused about how to conduct the documentation. I intend to start the project by implementing and conducting the key stages of the ISO 27001 PDCA four phases with risk assessment. Is this right, and can this approach be suitable to use as a milestone for the project?
What is the difference between the mandatory documentation and non-mandatory documentation? And if I decided to select the PDCA concept, do I still need to write the mandatory documentation? I think the four phases of this concept with risk assessment cover all or most of the mandatory documentation. If you understand me correctly, am I right?
Registering users
As per ISO, who registers users in an information system: IT people or the owner of the information asset (business)?
ISO 27001 Internal Auditor Certification
1 - I would like to do the ISO 27001 Internal Auditor Certification from Advisera; however, I would like to know whether the certification exam will be based on ISO 27001:2013, ISO 27001:2022, or both.
2 - Also, we will be facing our 1st surveillance audit on June 13, 2022. My question is whether the newly added security controls will be checked by the auditor, or whether it will be based on ISO 27001:2013 only.
Toolkit content
Before purchasing the toolkit, I sent many emails to you to ensure the toolkit includes all the documents and templates that I need to implement ISO 27001 and ISO 22301, but when I received the toolkit I searched for the documents or templates for clauses 4 to 10 and Annex A, and I did not find either the clauses or Annex A. Please can you explain that?
Implementation controls
As part of buying the official ISO 27001 standard (we already know you do not sell it), must we also buy the implementation controls, or just the requirements? We would appreciate your quick answer.
Annexure SL
Can you please enlighten me as to whether Annexure SL may be included in ISO 27001:2022, or whether it already exists as a document elsewhere?
27001 question
Dear Mr. Dejan
Thank you very much for your support and help, and for sharing this start-up project template.
I have a potential ISP/fintech customer with a current core network backbone and too many fintech leased lines and solutions running without a good security program in mind.
They are running the business with no good CMDB/asset risk ITSM/ITIL strategy, not enough people and organizational divisions, and no separation of duties, and the worst is that they are running the business with no good NOC/SOC setup.
My question is how ISO 27001 can help them improve and establish a security/cybersecurity program with a strategy of 3 action plans:
1) Immediate action plan (timeframe 3 months): assessment/gap analysis (CSET), design, access and services review (assets, facilities, devices, links, customers, design, security access and control, NOC/SOC, policies), a full system/network audit (vulnerability assessment and pentesting for critical systems), training, top management and engineering cybersecurity awareness, and full-picture cybersecurity project awareness.
2) Mid-term action plan (6 months): prepare and build the SOC team/organization, people capacity, and processes and practices for CyberDevOps operations, including asset management, ITSM and risk (configuration, problem, incident, etc. management), cybersecurity awareness training, Security+, ethical hacking, SOC operation, incident response and threat hunting.
3) Long-term action plan (18 months): prepare the ISO 27001 or PCI DSS requirements, gap analysis (CSET), policies, procedures..., project management PDC.... plan for implementation....with
We want to deliver a high-level, one-page cybersecurity action plan.
If we get the approval, we will be very glad to partner with you in many ways: we will buy the ISO kit bundle and we will engage with you in the ISO 27001 implementation project for our customer (we can discuss the forward plan after getting the deal).
We are very serious about this deal, and the customer is very keen to start business with us, as we assess them to close severe threats/cyber holes in their infrastructure.
Please advise on any starting document/plan that can help us get this tough deal closed, as they need immediate action with a vision to adopt ISO 27001 or PCI DSS.
ISO 27001 Integration
I have just been approached by a large organisation, who asked whether there is any integration of PCI DSS/ISO 27001 requirements with specific regard to data/information management.
This is a really large opportunity, and I shall discuss it in more detail once I know whether this is possible.
Clause 8.1
Thank you for your email. I was wondering, regarding Clause 8.1, would you expect to see any evidence like an operational control procedure, and what content would you expect to see in it?
27001 question
Thank you for the rich information provided in the article on the new features of ISO 27001:2022 (https://advisera.com/27001academy/explanation-of-11-new-iso-27001-2022-controls/)
Since the new controls introduced are not mandatory, I would like to ask if ISO 27001:2013 LA/LI certificate holders are required to transition to the new version of the standard.
Are companies that are currently certified to ISO 27001:2013 mandated to transition to the new version?