Tag: "policies and procedures" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Do we need an incident management procedure?

    Our company has a good incident response plan in place, however it's a requirement of the ISO27001 that we also have an incident management procedure? Do we need this in addition?

  • Independent review

    Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?

    Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?

    Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?