
ISO 27001 & 22301 - Expert Advice Community


  • Toolkit content

    Today we downloaded the toolkit for creating ISO 27001.

    We noticed that Annex A.6.1 does not contain an "Internal organization" document covering the points that section 6.1 of the Statement of Applicability contains:

    A.6.1.1 - Information security roles and responsibilities
    A.6.1.2 - Segregation of duties
    A.6.1.3 - Keeping in contact with authorities
    A.6.1.4 - Keeping in contact with special interest groups
    A.6.1.5 - Information security in project management

    Our document 6.1 is the regulation on BYOD. Is a document missing, or could you send it to us?

  • Consent for processing children's data in the EU


    We are a market research firm based in ***. We conduct market research surveys on Gen Z and Millennials (13-39) and are just moving to international data collection. We use panel providers, so we do not have our own panel of participants. I'm trying to write our first Privacy Notice and am struggling with stating the rights for revoking parental consent to the processing of children's data.

    While we collect sensitive information (gender, age, ethnicity, etc.), we do not collect email addresses, names or postal addresses, which would be personally identifiable. However, to ensure data integrity we do automatically collect the IP address in our surveys, along with other geolocation data. This is only used to ensure survey participants are truly from where they say they are from and that they are not repeat participants for that particular survey. After the survey is complete and we have reviewed it for accuracy, we remove that information from the data, rendering the other data anonymous.

    Even if we tell them they can withdraw consent within that 14-day period, the likelihood of us locating the exact record for that respondent is very slim. Is it OK to state that? For example: "If the legal basis for processing is parental consent, you have the right to withdraw your consent for processing. Due to the limited information we collect, however, locating the data may not be possible. We will nevertheless make every effort to do so. If you wish to withdraw consent to the processing of your child's data, please email ***."

    Any help greatly appreciated.

  • Knowing ISO 27001 and ISO 22301

    Good day, a question: I would like to know about the information security standards ISO 27001 and ISO 22301. Can they be implemented freely, or free of charge, and then certified afterwards?

  • End of life and ISO 27001

    I hope you are well and have been having a great week so far. I was wondering whether one of your highly experienced consultants could answer the following ISO 27001 question. As part of ISO 27001 we need to maintain an end-of-life process for equipment, and maintain a system for managing the re-use of that same equipment, let's say in the scenario where someone leaves the company, etc. My question is: we are 100% remote, working from several locations around the world, for example ***, *** and ***. How do we devise a plan for such a scenario? I genuinely don't know how to approach this. Should we pay a third-party company to manage it, and if so, how do the different locations and the lack of a physical office come into play?

  • BIA and Risk Assessment

    Hi 

    I am done with the BIA for 3 departments and am now working on the BC strategy and the BC risk assessment. I need some help in clarifying, with an example, how the RA is going to help me with my BC strategy and BC plan in a more rounded manner.
    I am not able to understand the link between the RA and the BC plan and strategy.
    I need a simple example to understand the link between the three.
    Please can anyone answer my question.

    Thanks

  • Business continuity terms

    Is MTPD equivalent to MTD or MAO as per ISO 22301? Where we can find MTPD terminology?

  • Mandatory and non-mandatory documents

    Your website (https://info.advisera.com/27001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-27001) indicates MANDATORY Documents and NON mandatory Documents. Yet you say for the NON MANDATORY - "However, I find these non-mandatory documents to be most commonly used:"

    1 - So which documents are needed to pass the ISO 27001 certification, and which documents are not needed while still passing?

    2 - Are you saying the items you show in the list are the ones we don't need?

  • ISO 27001 Lead Implementer - need to maintain certification

    Hi,

    As per the subject: if I were to sit and successfully pass the ISO 27001 Lead Implementer exam, does this certification expire or need renewing after a period of time?

    Thanks
    Lee

  • BIA or RA

    Thank you Dejan for addressing my question during this webinar.

    My confusion is which one comes first BIA or RA. Also, how can the results of the RA be used in the BIA?
