Guest
I need to write up a draft an ISMS document that meets the ISO 27001 requirement for an SME. Could someone please guide me on where I can find a template of one? Otherwise, can someone provide the headings that I should include in the document, please.
I have implemented ISO27001 at a country level. The Global company was only an interested part as a shareholder. But now that has changed and they are wanting to manage the network at a global level.
I don't know how to treat them in as part of this certification. Could you help with some advise on how to treat them?
In the document when we were reading through it, it said we can use it for either/or like either ISMS or BCMS. So my question is is it possible to use it for both and put the word AND between ISMS and business continuity management system?
First question: I was wondering if Privacy Policy document is included with the ISO 27001/22301….or if it is only included with the EU GDPR. If only included with GDPR, can I use that privacy policy for all our ISMS/BCMS needs as well?
Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?
Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?
Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?