ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • IT Auditing

    I am working with companies as a consultant and helping them prepare policies they require for ISO27001 and ISAE3402 (also SOC1 and SOC2). I have also managed the audit process for my own business.

    My question is what can I do if I get certified that I can't do now? Secondly, do I have to get certified for all 4 - ISAE3402/ISO27001/SOC1/SOC2 or can I do one overarching certification that will apply to all? Also what are the global bodies that accredit ISO certifications and does that apply to Advisera?

    Thanks for your help.

  • Documents necessary for audit

    Quisiera hacer una consulta….  

    ¿qué documentos, de manera necesaria, se debe presentar a una Auditoría para Certificación ISO 27001, a parte de las políticas, procedimientos obligatorios de ISO 27001?

    Por ejemplo: Mapa procesos, manual del SGSI, etc.)

    (I would like to make an inquiry…. What documents, in a necessary way, must be presented to an Audit for ISO 27001 Certification, apart from the policies, mandatory procedures of ISO 27001? For example: Process map, ISMS manual, etc.)

  • Dealing with business processes experience

    I need your feedback on dealing with business processes experience.

    Do we limit ourselves to processes that have links with the information system or do we put other vital and commercial processes such as the purchase of raw material, storage… as a process excluded when defining the scope?

  • Policy statement

    What is policy statement?

  • ISO 27001 - Context of Organization

    Does ISO 27001 say that organizations have to understand internal and external issues, interested parties and their requirements, when defining the ISMS scope? Is it correct to say "YES"? Or the understanding has to take place BEFORE and not DURING or WHEN ?

  • Question about training

    At what stage can I start looking for a job after the course (Security Awareness training) and what role can I apply for?

  • Example of risk and its correspondence residual risk

    Could you kindly give me the example of a risk and its correspondence residual risk. So, that it can be made clear for myself.

  • Processes, Actives, Procedures, Process , Functions

    I'm a little bit confused with some terminologies such as:

    1.            Process.
    2.            Activity.
    3.            Procedure.
    4.            Function.
    5.            Policy.

    Could you please explain these terms giving some examples?

  • Implementation duration for ISMS/BCMS

    according to your calculator (- Duration of ISO 27001 / ISO 22301 Implementation) we would need 8 months for ISMS or BCMS implementation. How long do you estimate if we implemented both at the same time? Would you recommend implementing ISMS first and then BCMS, or both at the same time in order to use as many synergies as possible?

    I ask the same questions regarding ISO 27017 and 27018. Should these be implemented at the same time, or is it better to follow them up according to ISO 27001?

  • Scope definition

    In my Company, we want to establish iso27001 on Whole Organization. We Develop, Establish, and support ERP Solutions. ERP use some web service (Micro Service or API) from some third parties which some of them have licenses and others is free. Is Web Service effect on ISMS Scope?

    also, Should we consider the risks of using the API in the risk assessment Process (like Access Control, Malware Analysis, Monitoring, ...)?

Page 6 of 428 pages