Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • ISO 27001 and minor non-conformities

    We had a question come up regarding ISO 27001 and minor non-conformities. I’ll enter it below hoping that someone from the training team may be able to answer it for us.

    Question we have;

    We have a certified facility that had a few minor non-conformities during its last surveillance audit.
    The audit provider gave the ISMS team until June 2023 to address them. They had 90 days to supply a fix.
    Did that mean they needed to report back to the auditor with the remediation by June?
    Or do they need to provide evidence that they were addressed by June at their next Audit coming up in March 2024?

    So, does that ISMS team need to proactivity reach out to their auditor with the evidence that the non-conformities have been fixed?

  • Labelling information

    Quick question on the requirement to classify and label information. Are we expected to do this for all historical documentation as well as documentation moving forward?

  • Infosec responsibility for BCP from an IT perspective

    is it logical to have the IT responsivity on BCP led by the Infosec team?

  • Question around contractual and legal requirements

    Will the organisation have to go through each agreement and determine? If so, this may be a time consuming exercise?

  • ISO27001-cryptographic control

    1 - Would you be so kind to explain to me why I see differences between your explanation here:

    and my paper version of 27001 - there is Cryptographic control defined under A.10.1.

    I have iso 27001:2013

    In your text there is mentioned A.8.24

    2 - my second question is - can you recommend me any webpage where can I see any example of cryptographic control. thank you

  • Migration from the 2013 to the 2022 documents

    I am currently working on a project with a client attempting to get them ISO 27001:2022 certified. The project started in mid 2020 and we took over the project late last year and are using the 2013 version of the templates however, we are not sure whether we need to use the 2022 transition documents to update their project or whether we can stay on the 2013 iteration of the standard for their certification later on in the year. 

    If you need any further context regarding the project, please let me know.

  • Is your ISO 22301 toolkit covering ISO 22361?

    Could you please confirm whether you have Implementation Document Toolkits for ISO 22361:2022 - Crisis management — Guidelines and ISO 22316:2017 - Security and resilience? Or is your ISO 22301 Toolkit covering these requirements?

  • Latest version of Statement of Applicability

    What is the latest version of Statement of Applicability? Have the controls changed since 2017?

  • How to keep being trained and skilled and best way to find work?

    I am currently reading it and so far you succeded in making the topic of ISO27001 easy to understand and apparently simple to implement even though I have no expeirnce on that.

    I hqve pqssed the ISO 9001:2015 Lead Auditor CIRCA Exam but kind of new in the profession. I also passed the foundation vouse for ISO 27001:2022 with your company.

    I find mysleft isolated and not sure how to practice to keep what I learnt but most importantly find work because I am currently unemployed in the Philippines.

    What advise would you give me to keep being trained and skilled as well as to the best way to find work (middle-east, south-east asia or Europe)?

Page 9 of 543 pages