Implementation of policies
We are now starting the implementation of Information Security ISO 27001. I am in the phase of preparing control implementation of the policies. I'm facing difficulties with starting to work on it.
To implement policies you must consider:
- Study the requirements you must fulfill (e.g., contracts, laws, regulations, etc.)
- Take into account the results of your risk assessment, to determine which issues you have to address in your document, and detail level
- Optimize and align your document(s) (i.e., define the total number of documents)
- Structure your document (observe your corporate rules for formatting the document)
- Write your document (basically, the smaller the organization and the smaller the risks, the less complex your document will be)
- Get your document approved
- Training and awareness of your employees
These articles will provide you with further explanation about policy development and implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
To see what policies and procedures for ISO 27001 look like, I suggest taking a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Oct 18, 2019