Have a few questions about documentation. So for the ISMS project, there is an IT security policy doc which includes e.g.:
3.12. Clear desk and clear screen policy
3.11. Password responsibilities
3.9. Authorizations for information system use
3.7. Backup procedure
Should it all be in one document (IT Security Policy) or can we divide them and use each one separately?
What is the difference between ISMS Framework and an Information Security policy?
Which one should come first?
I need to write up a draft of an ISMS document that meets the ISO 27001 requirement for an SME. Could someone please guide me on where I can find a template of one? Otherwise, can someone provide the headings that I should include in the document, please?
I have implemented ISO 27001 at a country level. The Global company was only an interested party as a shareholder. But now that has changed and they are wanting to manage the network at a global level.
I don't know how to treat them as part of this certification. Could you help with some advice on how to treat them?
In the document, when we were reading through it, it said we can use it for either/or, like either ISMS or BCMS. So my question is: is it possible to use it for both and put the word AND between ISMS and business continuity management system?
Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?
Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?
Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?