ISO 27001 & 22301 - Expert Advice Community

  • Doubt in filling in documents

    Good morning. We acquired the document kit for ISO 27001 and I have doubts about how to fill it out. How can I clarify these doubts? Doubt 1: Some of the links pointed out in the comments are no longer available; is there an update? Doubt 2: Some documents mention “[position]”. I would like to know the most advisable way to change this variable: fill it with an existing position, even if that position covers several functions, or with a position to be created but which will temporarily be occupied by the same person? Question 3: How can I find out which laws are mandatory for my company/situation?
  • Documents considered as next-level projects

    Hello Dejan, Thank you for meeting with me on Friday. As you mentioned during the meeting, the following documents should be considered as next-level projects since they are not needed for our company. Am I correct in that assumption? 04.2_Cloud_Security_Policy_Cloud_EN.docx 04.3_Policy_for_Data_Privacy_in_the_Cloud_Cloud_EN.docx Furthermore, I would appreciate it if you could see the attached and tell me which step you mentioned is not applicable to us? (If any)
  • Compliance review

    If you are performing a compliance review of a company that says it is ISO 27001 certified, what can you ask for to determine that they are certified and meet my company's security posture as a vendor? Can I obtain an audit report and Annex A?
  • Combining the ISO 27001 policies into one manual

    Hi Dejan, I hope you are well. I have been asked by one of my seniors to combine all of the ISO 27001 policies into one manual/handbook. I was wondering: is this practice a good idea? Also, if it is OK to do, how does this apply to version control, review, etc.? As always, you and your team’s advice is highly respected and regarded.
  • Review

    Good evening. The inspector who will carry out the audit has listed the following documents for us: Organization chart, Integrated System Manual (or equivalent), Information security policy, Context analysis, Statement of Applicability, Risk analysis, Asset list, Continuity plan, Disaster recovery, Last management review, Internal audit results and reports. Do you have any information on those documents that they have requested from us but which are not present in the kit?
  • Statement of Applicability

    We also have a question regarding the risk treatment template. Appendix 2 - Risk Treatment Table allows for a single control per identified risk. If we believe multiple controls are applicable to some risks above the risk threshold, should they all be documented? Or is it a case of just listing the most important single control and leaving the others for the Statement of Applicability? Thanks
  • Control procedure

    I have some questions related to the implementation of ISO 27001. For example, we already have a document control procedure based on ISO 9001; do I update it to reflect ISO 27001, or have a standalone document control procedure based on ISO 27001? I need this clarification.
  • Questions regarding ISO27001 documentation

    I’m writing to you on behalf of the company *** and its CEO ***, who bought the ISO 27001 toolkit. Here are some questions I would like to ask.
    1 - In the pack that we bought, we can’t find the document regarding the Business Continuity Strategy. At first I thought that it is the same as the Disaster Recovery Procedure, but after having a look here https://advisera.com/27001academy/documentation/business-continuity-strategy/, I found out that this is not the case. Could we receive a .doc Italian version of this document, like we did for the rest?
    2 - Throughout the instructions we can see that the documents refer to clauses (e.g. A.17.2.1, 7.5…). These clauses sometimes match the codes of the controls, other times they don’t. Do these clauses refer to controls or not? If yes, why don't they always match? If not, what do they refer to, and is there a list of clauses?
    3 - In our documents we put the reference documents towards the end of the document, in the same table as the records. Is that OK, or is it better to separate them and put the reference documents at the beginning of the document, as you did?
    4 - In some of our documents/policies we describe policy violations in a dedicated paragraph, while in your documents we don’t find them. Can we keep these paragraphs regarding policy violations or not?
    5 - Can we include a document/section with the organisation chart, emphasising the key figures with responsible roles in the ISMS? Linked to this topic, two more questions: could we use a RACI matrix in the documents? Could you suggest the best way to name these figures in Italian? Thank you in advance for your help and have a nice weekend.
  • AML-ISO 27001

    Hello, I have a question regarding the ISO 27001 certificate: does this certificate include AML policies?