ISO 27001 & 22301 - Expert Advice Community

  • ISO27001 Lead Implementer Training

    Hello, I recognise that the exam for the course provided by Advisera is "accredited" by Exemplar Global but there seem to be several ISO27001 Lead Implementer qualifications provided by and accredited by various companies. Are these qualifications benchmarked against each other to ensure they are the same level of detail/difficulty? Also, having passed the exam can you state you are an "ISO27001 Lead Implementer" or do you need to demonstrate some level of practice in the industry (in the same way as the CISSP and CISM qualifications) to an overarching body? I really like the content and having completed the Foundation exam am keen to proceed with the Lead, I'd just like to check my understanding of what this gives me. Best regards, Lee
  • Documenting processes in the ISMS

    How exactly do the individual ISMS processes need to be mapped? E.g., is it enough to write "HR" or do I have to explain every step of, for example, the process "managing employees"?
  • Changes in the document

    Hello Dejan, thank you for the answer.

    Allow me another question: with the pandemic, has the mobile device policy been revised? It has some points that we certainly do not comply with because of the urgency of putting employees into home office. Since the version I have is from 2015, has there been any change?

  • Documents required from support/CSM perspective

    Could you advise what documents would be required from a support/CSM perspective, please?

  • Requirements to satisfy the requirements of ISO 27001?

    completed this training already and I enjoyed it.

    Quite a lot of this content was ‘common sense’ for someone who works in the field, but it will be new to other staff members and my ISO 27001 team members.

    I’m just wondering if this training plus our GDPR e-learning and an annual refresher would be enough to satisfy the requirements of ISO 27001?

    I think some input on policies and procedures would be required too.

  • Risk Assessment of Assets

    Hello. As part of compliance with the NIS Regulations we are identifying assets, grouping them and then Risk Assessing them as a group. Our aspiration is to implement ISO27001 in the future so I am thinking this is an opportunity to get our Risk Assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups? So, rather than risk assess

      Core Network
      VMWare
      Business Systems
      Desktop Applications

    Would we need to risk assess as follows?

      Core Network
      VMWare
      Business System 1
      Business System 2
      Business System 3
      Business System 4
      Business System 5
      Desktop Application 1
      Desktop Application 2
      Desktop Application 3
      Desktop Application 4
      Desktop Application 5

    Thanks, Lee
  • Conformio expert question about asset and access mgmt processes

    How does Conformio support asset and access mgmt processes?
  • A.14.2.7 - is a developer hired as a consultant considered outsourced development?

    We're a software development team of 3 persons. 2 of the persons are hired directly as employees in our company but the third developer is hired through his own company, which means that legally he is a 3rd party. BUT he only works with us for the time being, being supervised by the two other developers and in every other way working as if he was practically hired directly by us in our company. Is this considered "Outsourced development"? I mean it's not like we've engaged a large company to do the development for us. The only difference is that he is sending invoices to get paid while the two other developers are getting their salary as employees.

    So - is a developer hired as a consultant considered outsourced development?
  • Implementing 27001 or 22301?

    I am rewriting the question for you, since in the chat it may have been poorly worded. For me, as a self-employed person working in consulting, do you think it makes more sense for me to "implement for myself" 27001 or 22301? (I don't mean implementing it for others)
  • ISMS evidence

    As part of our support, I want to request some more explanation on the questions below related to ISO-27001:

    Evidence of Communication Plan for Communications Related to the ISMS
    Documented Management Review Process
    Evidence of the Results of the Management Reviews

    Kindly provide more explanation about these requirements and what document templates map to them.
