ISO 27001 & 22301 - Expert Advice Community




  • External audit

    Some time ago, non-conformities were evidenced due to an external audit. I would like to know if with the tools available, it would be possible to have the elements to respond to these non-conformities and also to face other audits.

  • Questions about ISO 27001 implementation

    Thank you for the information provided; we have some questions.
    1. Is there any difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on the 2014 version.
    2. Within our process, we are currently in the Diagnosis stage, to see the critical factors within the processes. Which templates would be most recommended for this stage?
    3. Once the Diagnosis part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?
    We would greatly appreciate any suggestion, or an indication of what information to review in more depth, so that we can get on the right track.

  • ISO 27001 rules to consider for usage of documents

    Does ISO 27001 give any recommendations or rules to be respected on the usage of documents based on their level of classification? For example: a document classified as confidential, is it permitted to be saved on a public cloud, and under which conditions?

  • ISO certification: 7.4 Communication

    We are contacting you regarding a request we have: the auditor is asking about this point 7.4 Communication in ISO-norm. We bought the templates from you, but the templates do not include this point. Could you please provide a template for this point 7.4?
    7.4 Communication The organization shall determine the need for internal and external communications relevant to the information security management system including:

    a) on what to communicate;
    b) when to communicate;
    c) with whom to communicate;
    d) who shall communicate; and
    e) the processes by which communication shall be effected.

  • Adding new control to SoA after audit

    Hi, can I add a new control to the SoA after certification and before the surveillance audit?

  • Sending personnel data from UK or Europe for analysis.

    I am hoping to offer a service to UK/European organisations to help them identify areas of bias and inequalities, particularly in the areas of gender pay and advancement and pay gaps relating to ethnicity and disability.

    I am speaking to a US company who could process the data for the results I want with their Artificial Intelligence.

    What would be the steps necessary to ensure that both the transmission and processing would be compliant in every regard?

  • Purchase persuasion

    How to persuade leadership to purchase

  • ISO 22301 Compliance Matrix

    What I need is the ISO 22301 compliance matrix, to identify the Implementation Guide. If possible, complete ISO 22301 standard.

  • Risk analysis

    I am currently managing the quality department of a medium-sized company. xx employees, xx sites. We are ISO 9001, 14001, 27001 and eIDAS certified.
    We are currently using Excel to do our different risk analyses. Quite efficient... but not really user friendly. For the last couple of months, I have been trying to find out if anyone would have thought of something more dynamic. Without much success, I must admit.

    Would you mind advising if you ever came across a solution dedicated to risk analysis? One that could be implemented in small businesses, practicable, affordable, not requiring 10 consultants working weeks on it to implement it?

    Any advice would be welcome.

  • CIA, Privacy and risk management

    How are the CIA Triage and privacy severity of the asset (Asset Value) to be aligned along with Impact & Probability in risk management?
