Tag: "ISO 27001" - Expert Advice Community


  • Compliance verification

    How do you verify compliance to regulatory requirements? Should it be a scheduled audit or random verification of meeting criteria? Thank you for consideration.

  • Multi location certification

    I have implemented ISO27001 at a country level. The Global company was only an interested party as a shareholder. But now that has changed and they are wanting to manage the network at a global level.

    I don't know how to treat them as part of this certification. Could you help with some advice on how to treat them?

  • Risk assessment and treatment report

    I have a clarification question regarding the risk assessment and treatment report. When is this report created in the process of the ISO 27001 project? Before or after implementation of the necessary controls?

    In the draft document it states that «The risk treatment was done from XX to XX.» (Risikobehandlung wurde im Zeitraum von [Tag/Monat/Jahr] bis [Tag/Monat/Jahr] durchgeführt.) Does this include that the controls are in place, or does this mean that the treatment plan etc. was created, but the controls do not have to be in place when writing the report?

    Also, it says in the draft document (Heading 3.5) that «after implementation of the controls the residual risks are re-evaluated» (nach der Anwendung der Maßnahmen wurden die Restrisiken bewertet). This implies that the report is done after the controls have been implemented as the process (on which is reported) would include the residual risk evaluation after the implementation of the controls.

  • Integrated implementation

    How can this standard be useful for implementing other standards like ISO 27001, ISO 9001, AS 9100 etc.?

  • Evidencing requirements

    I have the next question. A customer of ours participates in a government tender. He must therefore demonstrate that he meets a number of requirements of the ISO 27001 standard. In total it concerns 200 requirements.

  • ISO 27001-2019

    First, please accept my apologies if there is a general email address to which to send inquiries, but looking through all the relevant correspondence I could not find any indication as to where to send questions so I am just replying here as you had specified in the email below. In any event, please feel free to redirect as you see fit and let us know if there is a specific email for inquiries moving forward.

  • ISO 27001 Objective measurement document

    I am looking for a document for ISO 27001, Objective measurement. We have the toolkit and it is not there, maybe we can get it extra?

  • ISO 27001 implementation case studies

    Are there any case studies available where ISO 27001 has been implemented successfully?

  • Can ISO 27001 and ISO 22301 be used together in a document?

    In the document when we were reading through it, it said we can use it for either/or like either ISMS or BCMS. So my question is: is it possible to use it for both and put the word AND between ISMS and business continuity management system?

  • Questions about documents

    First question: I was wondering if the Privacy Policy document is included with the ISO 27001/22301… or if it is only included with the EU GDPR. If only included with GDPR, can I use that privacy policy for all our ISMS/BCMS needs as well?
