Preventive actions

Answer 1: Although in the previous version of ISO 27001:2005 the preventive actions were included explicitly, in the current ISO 27001:2013 it is not referenced, so we don’t have a template for this anymore, because basically it is not necessary

2.- Also I've got one question about the Risk Assessment: Is it necessary to add the serial number for each computer/laptop inside the company or can I just name the asset and the owner?

Answer 2: From my point of view, the serial number of each computer/laptop is not relevant for the risk assessment, so you don’t need to include this information in the risk assessment, but for your asset management can be very interesting to have a control of the serial number of each equipment, because each equipment (with his serial number, that is unique), will be assigned to a specific person. So, you can include this specific information in your asset inventory.

This article can help you with the asset inventory “How to handle Asset register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

3.- And the last question: Is it possible to get access to more tutorial videos? It's been really helpful.

Answer 3: As customer, you can access to all our video tutorials, but if you need more, you can see our free webinars : https://advisera.com/27001academy/webinars/

Furthermore, you have access to all documentation tutorials, and here you can also have a online course "ISO 27001:2013 Foundations Course" https://advisera.com/training/iso-27001-foundations-course/