ISO 27001 & 22301 - Expert Advice Community

  • Is Security Awareness training compliant enough for ISO 27001 audit?

    Can you please clarify whether the awareness training which is linked to our Advanced plan in Conformio is indeed compliant enough for an ISO 27001 audit? I would just like to rephrase my earlier question. We are aware that the awareness training linked to our Advanced Plan is meant to help us with the employee awareness training control; however, we aim to use the scheduling option + quizzes and obviously monitor the activity. With that being said, would that be enough for auditing and to be compliant on that specific section? In addition, we have been following your Admin guidance for awareness training, so we are quite familiar with all options.
  • How to become a BIA expert

    How to become a BIA expert as a beginner: where to start and what to learn?
  • Partial certification

    As someone who has been using your tools and services before, I wanted to reach out because our company *** is planning to get ISO 27001 certified. As such, one of our fundamental questions before we get started is 'whether a partial certification' might be possible. In other words, certification against some, but not all of the clauses of ISO 27001. Would you be kind enough to point me to some Advisera services and resources that might help us in our journey?
  • Question about how to identify ISO 27001 ISMS Assets

    I have a question on "what is an asset". We are having a bit of trouble deciding what an asset is. Do you have a clear definition we could use? Our current understanding is: We define the scope of the ISMS. In our case we are a small company, so the whole company is in scope. We know the Toolkit documents and records are within scope, as is the core document set in the DMS. Now for the rest ... Our understanding of identifying assets (documents, records, hardware, and so on) is to ask the question: Does this asset have a security element to it that makes it in scope? For example, a work instruction procedure to change a user's password would be in scope, whereas a marketing brochure (that did not cover any product security) would not be regarded as an ISMS asset (accepting that such a document, as an asset, may fall under the remit of another ISO standard).
  • Contestation

    Could you help me and answer this quick question? In your opinion, what is the biggest challenge when carrying out a risk assessment and treatment? In my opinion "A correct definition and adequate analysis of the assets involved." Greetings.
  • Clause 7.2 (Competence)

    I'm missing one document in my ISMS, that is for clause 7.2 (Competence). Could you point me in the direction of a good format to put this information in? It's a record of all people involved in monitoring and managing the overall ISMS, right?
  • Number of policies and procedures required by Annex A

    I listened carefully to your presentation at the webinar. I think I heard what I expected. I really wanted to know about the number of policies and the number of procedures required by Annex A of the standard. Standard 27002 is available for purchase, but I do not want to give about 200 euros just to read the answers to the above two questions. After that, I no longer need this standard. I'll just buy the 27001 when it comes out in March. The table with the description of the new and merged controls from Annex A is useful to me. Thank you for it. With wishes for successful work.
  • Question about Conformio project results

    Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results? If Conformio project results are not mandatory, why do we need it?
  • Annex A

    As a small organisation of only 6 staff that does no software development and only uses large-scale third-party systems such as Office 365, Windows 10, etc. am I safe to rule out all section 14 controls within Annex A other than the two listed below?
    • A.14.2.4 Restrictions on changes to software packages
      • Covered by the Change Management Policy
    • A.14.2.7 Outsourced development
      • Covered by the Supplier Security Policy