Tag: "Product: ISO 27001 Documentation Toolkit" - Expert Advice Community

Home / Product: ISO 27001 Documentation Toolkit

Discussions

Top Contributors

Expert

Rhand Leal

4149
Discussions
Expert

Carlos Pereira da Cruz

1915
Discussions
Expert

Dejan Kosutic

365
Discussions

Most Popular Tags

Product: Conformio Product: ISO 27001 Documentation Toolkit Product: ISO 13485 & MDR Integrated Documentation Toolkit ISO 27001 ISO 9001 Risk Assessment Product: ISO 27001 & ISO 22301 Premium Documentation Toolkit Product: ISO 13485 Documentation Toolkit ISMS register of requirements Internal Audit Product: ISO 27001/Risk Assessment Table Product: ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit Certification ISO 14001
Category:
Select
CREATE NEW TOPIC +
Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Select

Assign topic to the user

  • Framework question

    One question to your framework. I have got a long agenda for the certification meeting. This is just a part of it: Top management •    Organizational context and needs and expectations of interested parties (4.1, 4.2) •    Strategic direction, policies (5.2) & objectives (6.2) •    Involvement and commitment from top management with respect to the management system (5.1) •    Roles, responsibilities, and authorities (5.3) •    Provision of resources (7.1) •    Human resource security (A7) •    Communications (internal/external) (7.4) •    Continual improvement (10.2) •    Performance evaluation (9.1) •    Management review (9.3) I have documented all the Annex A, but where is all the requirement like 4.1, 4.2 documented in your framework?

  • Query on SOC 2 certification

    I have a query, how much of this documentation can be reused if the organization also wants to pursue SOC 2 certification ?

  • ISO 27001 package question regarding risk assessment

    thanks for the call last week! I proceeded with the risk assessment. Just a small question: The evaluation of probability of a risk already takes into account the measures that we already have implemented - is that correct? Because in the methodology it says: https://i.imgur.com/5hvpOc1.png So that means: If we already have implemented several security measures for certain risks, the probability will be low in the risk assessment. This would lead to a quite small amount of not acceptable risks (3 or higher) that would be transfered to Anhang 2 "Verzeichnis Risikoeinschätzung" (currently around 12 risks to be transfered in our case). Did I understand this correctly? Or do we need to evaluate the risk without taking into account the measures we already have? Thanks for your help!

  • Document references

    we are currently working on a certification for TISAX and are using your documents. We are at the point: To what extent are event logs recorded and analyzed? The reference documents: Reference to ISO 27001: A.12.4.1, A.12.4.2, A.12.4.3 Unfortunately, these documents are not included in our package. Are there any documents for this? The same applies to the documents: Reference to ISO 27001: A.12.6 Reference to ISO 27001: A12.7, A.18.2.3 Excited for your feedback

  • Requirement of Clause 8.1

    Greetings! I already bought your 27001 kit, but I do not see where it addresses the requirement of Clause 8.1

  • Vulnerability Assessment & Penetration Testing policy

    I can't find Vulnerability Assessment & Penetration Testing policy. I don't see it included in A.12.1_Security_Procedures_for_IT_Department_27001_EN.

  • List of Legal Regulatory

    1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1. I am unsure what to list here, I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders, I am guessing the 2 owners, Employees, Customers? 2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?

  • Question about ISMS

    We have bought the toolkit (German version) and I have one question: 

    Which parts and elements are needed within the documentation and description of interfaces and dependencies from “outside” services in connection with the scope of the ISMS. We have identified several interfaces to parties which are not directly included in the scope of the ISMS. For example:

    • Suppliers
    • HR
    • External software developing companies
    • Legal department
    • Data from external component manufactures needed for our product in the scope

    So what is needed to describe these interfaces?

  • System Acquisition Development and Maintenance

    Regarding 27001 Toolkit\08_Annex_A_Security_Controls\A.14_System_Acquisition_Development_and_Maintenance:

    We do not do any software development. Is it safe to say that we do not need to complete this Policy and Appendix on Specification o Requirements?   If so, do we note this elsewhere in the documentation?

  • Are templates mapped with NIST and CIS 20 requirements

    I have a question regarding the policies and standards that will be customised. Is the template are mapped with NIST and CIS 20 requirements?
Page 2 of 3 pages