Expert Advice Community

Documenting policies

Guest user Created:   Jan 12, 2018 Last commented:   Jan 12, 2018

Senior management wants to put all policies into one document ("a manual") and therefore only sign/approve one document. Is this allowable for auditing purposes?

Expert
Rhand Leal Jan 12, 2018

Answer: ISO 27001 is not prescriptive about how to document your information, so you can put all policies into a single document. To have all policies in a single document can make it easier to manage them, but you have to take care not to finish with a document so big that it will become difficult or annoying for users to handle.

These articles will provide you with further explanation about how to manage policies:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
