ISO 27001 & 22301 - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Justification for selection a control

    I know that generally the Justification for selection a control can be a risk, Top management solution, or legal requirement.

    Can Justification also be "Best practices in IT", or "IT Management decision"? Or it must be one of the 3 mentioned above?

    Thank you!

  • Defining scope

    Thanks for this. Is there any where that I can get this information online while waiting for your webinar?

    I have an urgent need to define the scope for one of my potential client but I can not wait until your webinar on the 16 Dec.

    Appreciate if you can share some on-line references for the similar topic.

  • ISO 28000 growth

    I noticed from the Advisera blog that there had been a significant increase in the numberof organisations certifiying to ISO 28000 (Information Security in Supply Chain).  Does anyone know why this might be? II've filed this under ISO 27001 as that's the closest standard, I think)

  • ISO 27001 certification

    1. How long can the background preparation stage for ISO 27001 Certification take?

    2. Can I make my own assessment in this regard without consulting the policies, regulations and expectations of the company directors?

  • Control A.8.3

    Quick question regarding the toolkit, there is nothing covering point 8.3 of annex A regarding removable medias management ?

  • Asset metrics

    dear support iam IT MANAGER in oil and gas company what kind of assets scheme do i create to collect both manual and digital information from all my organization departments , need sample .

  • Backup policy

    I'm new to Information Security, and I have read Document policy, but I have concerns about the Backup responsibility.

    Is the DBA responsible to take and store the Backup? or should be another responsible for it?

  • Function segregation matrix in a small company

    Preciso de uma ajuda/dica, de qual a melhor maneira de conseguir formalizar uma matriz de segregação de função, numa empresa pequena.

  • Certificate Maintenance

    Hi Advisera Team,
    I have bought the ISO 27001& ISO 22301 toolkit and it's really amazing. I have some questions regarding the annual cost of the certification (22301).

    1 - The certification body has set 2 days for surveillance audit. what is cost for the second and third year and what is the cost of recertification (Roughly)?
    2 - What happens if for some reason the organization didn't pay for the annual subscription for two years for example and then wanted to re-certify after that.
    3 - Is there any hidden cost in the process of yearly audit and recertification audit?

  • 11.2.8 and 11.2.9

    Hello, dear Advisera support,

    I read description of these two controls:  11.2.8 Unattended user equipment and 11.2.9 Clear desk and clear screen policy.  What is the difference? Are they not the same? As I see, the Implementation method for us for these two controls is the same: Clear desk and clear screen policy.

    Thank you!


Page 9 of 428 pages