ISO 27001 & 22301 - Expert Advice Community




  • Implementing ISO 27001 - timeframe

    How much time does an organization need to implement ISO 27001 after a Lead Implementer workshop?

  • ISO standards for Operations Security and Security Incident Management

    1. To meet the ISO standards for Operations Security and Security Incident Management, is the implementation of a cybersecurity tool necessary?
    2. How much history of "records" is needed to show the auditor evidence of newly formed operational processes?
    3. Typically, once the ISMS preparation is completed, how long afterwards can a company get certified?
    4. Typically, for a small company (fewer than 20 employees, 5 sites), how long does an ISMS project take?
    5. What are some examples of information assets for the inventory list of a small company?

  • Certifying bodies

    I'm looking for certification bodies for ISO 27001. PwC is one, but I am looking for two more to get a quote from. Preferably located in ***. Any suggestions?

  • Role of an ISO Lead Auditor and Implementer

    1. What is the role of the lead auditor and the lead implementer in ISO processes?

    2. Why should an organization have such persons?

  • Risk assessment

    How do I perform a risk assessment?

  • Risk assessment

    Greetings. I am doing my risk assessment and I have some doubts about it.

    For example, one of my assets is the server, and there are several threats to it, for example fire, flood, etc. If I have already reduced those threats by putting in a fire suppression system, alarms, extinguishers, an isolated room, etc., do I have to include them in my assessment, and then assign them a value that results in acceptable or unacceptable? Or is the risk assessment done with what is already implemented?

  • Question about documents

    Hi all,

    1 - Are the documents covered by the document control policy only security-related ones (e.g. regulations), or is it any company document?

    2 - Is there a clear definition of external documents? The concept seems nebulous. A sample policy we could look at, with some examples of what other organizations do, might help.

    3 - For example, an email is an external document, so would someone be tasked to archive them somewhere in this policy?

  • New version of ISO 27001 standard

    Do you know when the standard is up for changes so I can be a little better prepared?

  • Is ISO 27002 part of ISO 27001?

    Is ISO 27002 part of ISO 27001?

  • Fiber optic cable risk

    Sir, I need the risks that arise from working with fiber optic cable.

Page 7 of 428 pages