Documenting policies
I would like your advice on whether or not you feel we need to have a separate document that outlines BYOD and Teleworking, or whether it would be sufficient to put these policies in our Staff Handbook, which is quite extensive.
ISO 27001 does not prescribe how documents should be grouped, so organizations are free to use the approach that better suits them. Our general recommendation is to put policies together only up to the size at which the document is manageable. People tend not to read large documents, and they are also difficult to handle if they are in physical format.
This article will provide you with further explanation about documenting policies:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
This material will also help you regarding documenting policies:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Feb 20, 2020