Tag: "Product: ISO 27001 Documentation Toolkit" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Document references

    we are currently working on a certification for TISAX and are using your documents. We are at the point: To what extent are event logs recorded and analyzed? The reference documents: Reference to ISO 27001: A.12.4.1, A.12.4.2, A.12.4.3 Unfortunately, these documents are not included in our package. Are there any documents for this? The same applies to the documents: Reference to ISO 27001: A.12.6 Reference to ISO 27001: A12.7, A.18.2.3 Excited for your feedback
  • Requirement of Clause 8.1

    Greetings! I already bought your 27001 kit, but I do not see where it addresses the requirement of Clause 8.1
  • Vulnerability Assessment & Penetration Testing policy

    I can't find Vulnerability Assessment & Penetration Testing policy. I don't see it included in A.12.1_Security_Procedures_for_IT_Department_27001_EN.
  • List of Legal Regulatory

    1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1. I am unsure what to list here, I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders, I am guessing the 2 owners, Employees, Customers? 2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?
  • Question about ISMS

    We have bought the toolkit (German version) and I have one question: 

    Which parts and elements are needed within the documentation and description of interfaces and dependencies from “outside” services in connection with the scope of the ISMS. We have identified several interfaces to parties which are not directly included in the scope of the ISMS. For example:

    • Suppliers
    • HR
    • External software developing companies
    • Legal department
    • Data from external component manufactures needed for our product in the scope

    So what is needed to describe these interfaces?

  • System Acquisition Development and Maintenance

    Regarding 27001 Toolkit\08_Annex_A_Security_Controls\A.14_System_Acquisition_Development_and_Maintenance:

    We do not do any software development. Is it safe to say that we do not need to complete this Policy and Appendix on Specification o Requirements?   If so, do we note this elsewhere in the documentation?

  • Are templates mapped with NIST and CIS 20 requirements

    I have a question regarding the policies and standards that will be customised. Is the template are mapped with NIST and CIS 20 requirements?

  • How to exclude information in the definition of scope?

    We have purchased your „ISO 27001 Power Toolkit" and would need support. We, ***, offer our customers a SaaS solution. We are currently preparing for TISAX certification and are in the process of setting up the ISMS. TISAX is largely based on ISO 27001.

    Here is my question about the scope to be determined:

    Our headquarters are in the ***  with branches in various countries among others in ***. Only the branch based in *** should be certified and defined in the scope. The design and maintenance of the IaaS and SaaS is specified and executed by the *** headquarters, Therefore we want to treat this area (hosting) and thus its service lines as a supplier. The problem is that employees in our IT department in the *** branch take on maintenance and administrative tasks for the EMEA area of hosting. How can this be excluded in the definition of the scope?

  • Underscores in a file name

    One point that wasn’t answered is regarding underscores in a file name.

    In terms of best practice and your opinion, given that all the document templates in your toolkit have underscores is this something you recommend? What is the reason for having underscores in the file name?

  • Document/template used for the context of the organisation in ISO 27001 toolkit

    Can you help me with one question, please?

    Which document/template is used for the context of the organisation in the ISO27001 toolkit?

Page 2 of 2 pages