Tag: "ISO27001" - Expert Advice Community




  • ISO27001 Lead Implementer Training

    Hello, I recognise that the exam for the course provided by Advisera is "accredited" by Exemplar Global, but there seem to be several ISO27001 Lead Implementer qualifications provided by and accredited by various companies. Are these qualifications benchmarked against each other to ensure they are the same level of detail/difficulty? Also, having passed the exam, can you state you are an "ISO27001 Lead Implementer", or do you need to demonstrate some level of practice in the industry (in the same way as the CISSP and CISM qualifications) to an overarching body? I really like the content and, having completed the Foundation exam, am keen to proceed with the Lead; I'd just like to check my understanding of what this gives me. Best regards, Lee
  • Risk Assessment of Assets

    Hello, as part of compliance with the NIS Regulations we are identifying assets, grouping them and then risk assessing them as a group. Our aspiration is to implement ISO27001 in the future, so I am thinking this is an opportunity to get our risk assessments aligned to the standard. I am guessing for ISO27001 we would have to risk assess the individual assets rather than as groups? So, rather than risk assess: Core Network; VMWare; Business Systems; Desktop Applications. Would we need to risk assess as follows? Core Network; VMWare; Business System 1; Business System 2; Business System 3; Business System 4; Business System 5; Desktop Application 1; Desktop Application 2; Desktop Application 3; Desktop Application 4; Desktop Application 5. Thanks, Lee
  • ISMS scope - Not interested in ISO27001 accreditation

    This is the first phase of ISO27001 for us. We don't plan on seeking certification but are interested in aligning our environment to ISO27001.

    Is it compulsory to do a scope? Can we just go about implementing ISO27001 for our whole environment? We are a small organisation but getting bigger.

    The idea is to initially implement the ISO27001 framework organisation-wide, so that when we expand we have good practices in place that will allow us to build on (expand on).

    Do you see any risks/concerns with this approach? Is there a better way to go about it? What are your recommendations?