ISO 27001 & 22301 - Expert Advice Community



  • Contestation

    Could you help me and answer this quick question? In your opinion, what is the biggest challenge when carrying out a risk assessment and treatment? In my opinion "A correct definition and adequate analysis of the assets involved." Greetings.
  • Clause 7.2 (Competence)

    I’m missing one document in my ISMS, the one for clause 7.2 (Competence). Could you point me in the direction of a good format to put this information in? It’s a record of all people involved in monitoring and managing the overall ISMS, right?
  • Number of policies and procedures required by Annex A

    I listened carefully to your presentation at the webinar. I think I heard what I expected. I really wanted to know about the number of policies and the number of procedures required by Annex A of the standard. Standard 27002 is available for purchase, but I do not want to give about 200 euros just to read the answers to the above two questions. After that, I no longer need this standard. I'll just buy the 27001 when it comes out in March. The table with the description of the new and merged controls from Annex A is useful to me. Thank you for it. With wishes for successful work.
  • Question about Conformio project results

    Why are the mandatory documents reflected here https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision not mentioned in Conformio project results? If Conformio project results are not mandatory, why do we need it?
  • Annex A

    As a small organisation of only 6 staff that does no software development and only uses large-scale third-party systems such as Office 365, Windows 10, etc., am I safe to rule out all section 14 controls within Annex A other than the two listed below?
    • A.14.2.4 Restrictions on changes to software packages
      • Covered by the Change Management Policy
    • A.14.2.7 Outsourced development
      • Covered by the Supplier Security Policy
  • Advise on Project timelines for ISO 27001 Certification

    1 - Our ISO 27K implementation project is on track to complete the documentation phase by the end of March. The plan after that is to have all Control records and evidence in place for an Internal Audit by April 22nd. Thereafter (all being well) the plan is to engage with an external Auditor to commence the external Audit process on June 15th with an aim to be certified by June 30th. The question I have is, are these dates realistic?
    2 - My second question relates to Major nonconformities. As I understand it, if the Audit finds a major nonconformity we have 3 months to correct it. Is this a fix period, as in we can only move the audit process forward until the 3 months have elapsed, or does it restart after we have resubmitted the evidence that proves we have corrected it?
  • Implementation of ISO-27001

    I have a question regarding the implementation of ISO-27001. To what extent should the ISMS consider the actions and decisions of the sole owner of an organization? This person supports the implementation of the ISMS and complies with all arranged security practices. However, he/she could theoretically decide to bypass any security controls or simply stop financing the company at any time and no ISMS or business continuity plan could stop that from happening, given that employees don't have the authority to enforce rules or impose disciplinary action. Hence my question, should any of these rules or unlikely scenarios be contemplated at all?
  • Video of A17 (ISO 27001 lead implementer course)

    The last sentence of A17 is: “this is also called IT disaster recovery”. To what does this refer? To point 4 only or to the entire section of A17?
  • ISO 27001 / ISO 27002 Update

    I spoke to the Company’s Quality Team Lead and she mentioned that ISO have issued a new version of ISO 27001. Please confirm if these documents would satisfy the requirements for the new version of ISO 27001.
  • Risk Assessment - Must Risk Assessments include business processes and activities?

    Hi, as the subject says, may I carry out Risk Assessments on a per business system or IT asset group basis, or must I also include business processes and activities? Thanks, Lee