ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Risk Treatment Implementation and Risk Treatment Plan

    We are working on the ISO 27001 documents we purchased from Advisera.

    1. We are discussing the implementation steps and we are a bit confused about the Risk Treatment Implementation and the Risk Treatment Plan. Please what’s the difference between the two. When are the risks actually treated?

    2. Also, what’s the difference between the risk treatment methodology and the risk treatment plan.

  • Can Risk Assessment be automated?

    Can Risk Assessment be automated?

  • Distance between server sites

    I am looking for either regulation or recommendation for the distance between the primary and disaster recovery location of the server sites. Is there any?

  • Global background checks

    Hello, do you have guidelines for Global background checks? based on country, region and local laws How they impact in complying with the certification

  • Query on documents for ISO 27001 & ISO 9001

    Hi I have recently taken on a new role as MS coordinator in Logistics Software company which has an IMS 9001 and 27001.  Do the required document lists for the individual systems still apply for an integrated system or can some documents be combined? Many Thanks your site has been really useful and has helped me clarify several queries.

  • Is AWS 27001 sufficient to show security?

    I run a video consultation company (***), which works via desktop and mobile apps with data being stored in the cloud (AWS which has 27001), is AWS 27001 sufficient to show security or do I need to do additional things? and if so What. We are a small start-up so funding is very limited or zero!

  • Risk Treatment

    I am very new in this field (IT Security ISO 27001) and my biggest issue is to understand how can I improve my knowledge and use for the praxis because I have good knowledge about ISO27001 but I don't have any idea how can in use that in praxis.

    For example when I have scope and SoA documents how can I implement to the praxis with help from ISO 27001 and create a risk analysis, Risk treatment, and so on.

    It would be very grating if you have some advice for me.

  • ISO 27001 scope

    1. We use a third party to provide infrastructure for our product (Installation sits on an AWS Server). On the Scope document, what would we put under “Location” for these servers that are provided by a third party?

    2. What would we count as our assets regarding these servers that are provided by a third party? These servers are accessed by our staff to do our work using any laptop that is available to us, provided that the IP is cleared by our CTO to access the servers

    3. Do we need to reference anything from the Third Party provider? Where will it be referenced in the ISMS?

    4. Can you give examples on how regulations, like GDPR, translate into a policy or procedure – like a specific rule in the Information Security Policy Document. I just want to see an example of the wording pattern in a policy where a regulation is referenced.

    5. Let’s say the scope of ISMS for now applies to the Services that we provide that are hosted in a third party provided server. What would be examples to exclude?

  • Gap analysis

    Does you toolkit have provision for gap analysis?

  • Assessing the infosec requirements for new ict systems

    Kindly explain the meaning of Assessing the infosec requirements for new ict systems

Page 8 of 389 pages