Infosec policies
I found a simplified security policy which encapsulates a lot of the policies provided in the tool kit but at a higher level. Would something like this be appropriate for our implementation of ISO 27k and would it be appropriate for an audit?
If this simplified security policy covers all requirements from the standard, properly addresses the results of risk assessment and the legal requirements your organization must fulfill, and is understood and easily handled by your employees, then it is acceptable by ISO 27001 requirements and certification auditors.
Regarding our toolkit, we haven’t found a proper policy format that would meet all those criteria, so this is why we recommend the usage of the documents from the toolkit.
These articles will provide you with further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
Sep 21, 2019