We are confused and ask for your clarification of the contradiction we found between ISO 27000 video tutorial 103: ISMS Policy and the Integrated ISO 27000/EU GDPR Toolkit.
The video tutorial is focused on the Information Security Management System Policy implementation based on a document template from the Toolkit. However, in the Integrated ISO 27000/EU GDPR Toolkit there is a document named Information Security Policy Integrated whose content differs from that shown in the tutorial. The ISMS Policy template is missing in Conformio too.
There is no video tutorial available for Information Security Policy implementation.
Are those policies different? Please be so kind as to clarify the content contradiction between those two sources.
I’m watching the “How to Write ISO 27001 Procedure for Corrective and Preventive Action” video tutorial, and there our document is missing parts that he demonstrates are in his document. For example, the 3.1 introduction is not in our document.
1 - Are documents covered by the document control policy only security-related, e.g. regulation, or is it any company document?
2 - Is there a clear definition of external documents? The concept seems nebulous. Maybe a sample policy we can look at with some examples of what other organizations do may help.
3 - For example, an email is an external document, so would someone be tasked to archive them somewhere in this policy?