ISO 27001 & 22301 - Expert Advice Community

  • ISO 27001 Asset Management and Information Classification

    Could you please clarify the relation between having an asset management process in place and an information classification policy.
    - Our assets are laptops, desktops, servers and SW licenses, and we have defined their full cycle in the process
    - Our information classification is mainly for documents and processes (Confidential, Restricted, Internal use)

    Thus I would appreciate it if you could explain/clarify the following points:
    - Do we need to classify our assets or label them as (Confidential, Restricted, Internal use), or do we need to add another category for assets?
    - Do we need to classify the information on assets? But if a laptop (as an asset) has both confidential documents and restricted documents, is the laptop as an asset in this case considered to be confidential or restricted?

  • ISO 27001 Certification

    Please, what is the difference between the Practitioner and the Lead Implementer ISO 27001 certifications?

  • Scoping an organisation to be ISO 27001 certified

    How do you scope an organization to be ISO 27001 certified?

  • Information security reference in supplier and employee contracts

    In terms of commercial and employee contracts, as interested parties, should there be a clause in the contracts to cover information and security? If so, is there a standard clause that can be used to cover this?

    I know these would need to be legally checked, but in your opinion, is the following a reasonable outline to be working with?

    'Information management. *** operates under the guidelines of ISO27001 and The Data Protection Act (2018). Both parties must adhere to the specified processes and practices outlined in the company's Information Security Management System (ISMS).'

    'Intellectual property. All rights to Intellectual Property remain with ***.

  • GCP security controls which comply with ISO 27017

    Can you advise me on GCP security controls which comply with ISO 27017 with respect to application-level security? Could you please help me with that? It would be a great help for me.

  • Control number A.8.1.3

    What does "acceptable use of assets" intend to say in control number A.8.1.3?

  • Making evidence to RPO and RTO

    Could you help me understand how I can make evidence for RPO and RTO?

  • Data definition

    Please can you define what constitutes ‘data’ under the ISO27001 criteria? Data is everywhere. Is it just sensitive data that we need to capture within our ISMS scope? How do you define sensitive data within both the internal and external business context?

    I know from Dejan’s webinars on ISMS scope, that we only need to have in scope where data is processed that is in our control. Not data that is processed that is out of our control.

  • ISO 27001 related to international requirements on data protection, telecommunications, incident investigation

    I would like you to tell me how ISO 27001 is related to international requirements on data protection, telecommunications, and incident investigation.

  • Question regarding Asset Based Risk assessment

    Dear Dejan, trust you are well. I am doing my first asset-based risk assessment and I am using your book Secure and Simple. What to do with assets such as company mobile phones which do not have access to the company network and are not used to send any information in emails etc.? Do I list them in the risk assessment?
