
Tag: "ISMS" - Expert Advice Community




  • Conformio ISO Documentation

    Hi! Have a few questions about documentation. So for the ISMS project, there is an IT security policy doc which includes e.g.: 3.12. Clear desk and clear screen policy; 3.11. Password responsibilities; 3.9. Authorizations for information system use; 3.7. Backup procedure. Should it all be in one document (IT Security Policy), or can we divide them and use each separately?
  • ISMS Framework vs IS Policy

    What is the difference between ISMS Framework and an Information Security policy?

    Which one should come first?

  • ISO/IEC 27001:2013 ISMS Document Implementation

    I need to write up a draft of an ISMS document that meets the ISO 27001 requirement for an SME. Could someone please guide me on where I can find a template of one? Otherwise, can someone provide the headings that I should include in the document, please?

  • Multi location certification

    I have implemented ISO 27001 at a country level. The Global company was only an interested party as a shareholder. But now that has changed and they are wanting to manage the network at a global level.

    I don't know how to treat them as part of this certification. Could you help with some advice on how to treat them?

  • Can ISO 27001 and ISO 22301 be used together in a document?

    In the document, when we were reading through it, it said we can use it for either/or, like either ISMS or BCMS. So my question is: is it possible to use it for both and put the word AND between ISMS and business continuity management system?

  • Questions about documents

    First question: I was wondering if the Privacy Policy document is included with the ISO 27001/22301… or if it is only included with the EU GDPR. If only included with GDPR, can I use that privacy policy for all our ISMS/BCMS needs as well?

  • Independent review

    Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?

    Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?

    Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?