References on Procedure for Document Control in Toolkit
Answer: The document control procedure, as well as many other documents in the ISO 27001 documentation toolkit, was developed to be compliant with both the information security management system and the business continuity management system. That's why you will find references to these standards. If you did not implement the business continuity management system, you can simply delete these references. Their deletion won't impact your ISMS.
Supply chain risks
Answer: The parameters used for measuring vulnerabilities on supply chain risks will be the same ones you use for measuring your own organizational risks (e.g., low, medium, and high).
What is different when you consider the supply chain is that there will be new types of threats and vulnerabilities usually not found in internal operations (e.g., shared resources between tenants, contractual breaches, etc.).
Answer: No. The course was designed to help you understand ISO 27001 and manage risks using its content, but to do it properly you should attend all modules related to clauses 6 (Planning), 8 (Operation) and Annex A, which would be modules 2, 3, 4, and 6. If you attend only module 3 you will miss items like information security objectives [clause 6.2] and applicable controls [Annex A].
Answer: There is no direct requirement (in ISO 20000) to audit the internal auditor. If you consider that the internal audit is made before the certification audit, that could be seen as a kind of audit of the internal audit. But an explicit requirement doesn't exist.
Risk evaluation
> 1 - Is this asset evaluation mandatory in ISO 27001?
Answer: Risk assessment is a mandatory clause of ISO 27001, but you can choose which methodology to use, and assessing asset risks is just one of them. You can also use, for example, scenario analysis, interviews or checklists.
> 2 - Can you please tell me what the residual risk acceptance criteria are?
Answer: The residual risk acceptance criteria are the same criteria you use to evaluate a risk. The difference is that they are applied to the risks after the controls deemed necessary are implemented, so you can re-evaluate them to decide if additional treatment is necessary or if the risk, as it is now, will be accepted.
Becoming an ISO 27001 and information security expert
Answer: The path to becoming an ISO 27001 and information security expert goes through acquiring theoretical and practical knowledge on information security and accumulating experience solving daily problems.
So, you should consider buying documents like the ISO 27001 standard (https://www.iso.org/isoiec-27001-information-security.html), attending courses about ISO 27001 and others related to information security, and applying that knowledge to implement security controls and solve daily situations like incidents.
Some organizations also measure an expert by the certifications he holds, so you should also consider including some certifications in your curriculum (e.g., ISO 27001 Lead Auditor, CISSP, etc.).
Access control over Risk Assessment and Treatment Tables
Answer: Risk assessment and treatment tables should be accessed only by those who need to know them to plan, implement, monitor and improve controls to protect information. So, only a few people should have access to them, since most of the organization's people will be users, with no active participation in controls management.
Answer: The sequence for ISO 27001 implementation does not change if you already have ISO 9001:2008 certification. What happens is that some steps become quicker, like the elaboration of documents and the internal audit. You can find a detailed list of steps for ISO 27001 implementation here: ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Answer: Yes, the risk assessment webinar covers all steps from risk identification through the risk treatment plan, including preparation of the SoA, but you should note that, as a checklist, the SoA will only provide information about which controls are implemented and why. The auditor should prepare another checklist considering what to audit regarding the implementation.