ISO 27001 & 22301 - Expert Advice Community

Home / ISO 27001 & 22301

Discussions

Top Contributors

Expert

Rhand Leal

4151
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit ISO 9001 Risk Assessment Product: ISO 13485 Documentation Toolkit ISMS Internal Audit register of requirements Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit AS9100 Product: EU GDPR Documentation Toolkit
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • ISO 22301 Toolkit - BIA questionnaire questions

    Currently, I have several questions regarding the business impact analysis questionnaire. Let me ask you below.

    1. Should each process (activity) fill part 2 of the worksheet? Or maybe only those that were rated on a scale of 3 and higher in the course of the analysis and also those activities indicated as necessary for their functioning?

    2. With reference to qualitative estimation. In your opinion, is it good practice to define the scale of financial losses as described below for general estimation (point no. 3 of the questionnaire)? Do you often use such a solution?

    1 - less than 1% of monthly revenues
    2 - 1-10% of monthly revenues
    3 - 10-30% of monthly revenues
    4 - over 30% of monthly revenues

    3. If I add revenue ranges in point no. 3 of the questionnaire, should I do this also in point no. 10?

    4. If I have 2 locations in my company that perform the same processes, but separately - independently - should I analyze them separately or collectively? How about averaging the data in one questionnaire?

  • Standard Operating Procedures in ISO 27001

    Which document in iso 27001 matches a company Standard Operating Procedures?

  • CONFORMIO - Assets management

    Please be so kind to clarify: given the fact that risk assessment in Conformio can be conducted based on groups of assets how we can assess each individual asset in Conformio? The same issue is applicable also for threats, vulnerabilities, likelihood, etc. Thank you in advance for the reply.

  • Risk Consultation

    Can I include information security objectives within the risk treatment plan? How should I include the information security objectives in the asset list and then assess the risks and treat them?

  • Conformio and ISMS

    Sorry bother you so much, I've implemented the 9K, 14K and 18K a few times already but it's the first time on 27K. So I've got another question for you. I'm trying to achieve the 27001, 27017 and 27018 at the same time, which are the main ones for any SaaS company. So for instance, the Information Security Policy is mandatory for all of them, however when I open the doc we have in the platform it seems not to cover 27017 and 27018. So my question is, should I request those specific docs straight for you? If we you guys have it as well. There aren't many docs but they are important for the ISMS compliance. Thanks one more time for your amazing help/work.

  • Risk treatment plan

    hola, quiero hacer una consulta. Si el Plan de tratamiento de riesgo, es considerado como "Plan de acción" ¿pueden incluirse en en el plan los objetivos de seguridad de la información?

  • Como devo prosseguir com um relatório?

    Como devo prosseguir com um relatório?

  • Internal auditor qualification

    What is your suggestion what qualification internal auditor should have as part of implementation....iso 27001 lead auditor is sufficient?

  • Conformio documentation access

    I'd like to see a few docs with you that I am in need of but couldn't find. Please find the list below. - Policy on the use of encryption - Operating procedures for IT management - Secure system engineering principles - Business continuity procedure - Cloud Security policy - Policy for data privacy in the cloud - Statement of acceptance of ISMS document I got this list from a doc of yours called "List_of_documents_ISO_27001_ISO_27017_ISO_27018_Cloud-EN.pdf", and most of them are mandatory for the ISMS from 27001 and a couple of them for 27017/27018. All the other docs I needed I was able to find in the platform. If you can help me with that would be great.

  • Implementation of GDPR & ISO 27001

    Three questions related to implementation of GDPR&27001:  

    1. Which approach should be taken to development of the Information Security Policy taking into consideration that we already have three sources and three templates of this document?

    • 11.3.1_Information_Security_Management_Policy_20000_EN
    • 04.1_Information_Security_Policy_Integrated_EN, which is included in the folder 04_General_Policies part of the GDPR&27001 Toolkit
    • Information Security Policy to be generated via Conformio

    2. How to approach the development of the remaining documents within GDPR&27001 Toolkit, because they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR&27001 package of documents at the end of the day.

    3. Given the fact that we don’t have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend – Data Protection Controller’s representative or other approach will be more suitable in order to comply with the requirements?
Page 98 of 544 pages