Recording serial numbers when destroying hard drives
I have a query. When destroying hard drives with an ISO 27001 certified company, do we need to add and record serial numbers for each HDD?
Audit query
We have used all the materials and templates that Advisera sent.
During stage 2 audit what if there is no evidence of a procedure because the procedure has not been carried out as yet? Is it a finding?
Risk assessment: minimum content?
In our Risk Assessment table, is there any "minimum" content we should have to be "credible" from an auditor point of view?
Given our scope and the assets I've listed, I think I'll end up with around 150 lines in the table.
Is this Risk Assessment table a document you would be able to review for me and provide feedback on? Or is it too specific to a certain business (like ours, which is focused on our SaaS platform)?
Process of ISO 27001 Audit
What are the basic things that we need to prepare to successfully clear the audit, and basically what documents?
Finding SOC 2 auditor
I have a question for you. How do I find a SOC 2 auditor? Our company is in California, USA.
Toolkit content
We did a free version of Conformio and we decided to buy the toolkit.
We are currently working our way through the documentation, and we are busy with the Risk Register.
Please see the attached diagram that was found on your website.
I was under the impression we would be given these types of resources for each asset.
Is it not a part of the toolbox?
Lead Auditor 27001
My doubts are more about real situations in an audit, and where I can see these cases. For example, if an auditor finds during an audit that the software a company has is illegal, how should he proceed, or in what cases can an auditor abandon an audit? I have read complementary ISO 27001 material, but I do not find these real cases that can happen and how a lead auditor is supposed to act.
ISO 27001 package question
We are making some progress with our ISMS implementation and I have two questions:
- Is an "Inventar der Werte" (Inventory of Assets) obligatory? As I understand it, it's just a list of all assets that appear in the risk analysis. Why is an ID needed?
- Could you tell me the correct order of internal audit, management review and implementation of measures? I understood it like this: first all measures have to be implemented, then there is an internal audit by someone of us or a consultant, then we need to do the management review and implement the recommendations from the internal audit, and then we can ask for an external audit. Is that correct?
One question about ISO 27001
I have a short question: where is chapter 7.4 (Communication) of ISO 27001 covered in your documentation?
Policies specific to HR & Admin
Where do I address ISO 27001 controls A.7 & A.11?
Also, is there a consolidated mapping in Conformio that can tell me which ISO clauses & controls have been covered through the documents created and which are still pending? This will help me validate whether we have met the ISO 27001 requirements.