Expert Advice Community


A.5 and A.8 elements

Guest user Created:   May 21, 2020 Last commented:   May 21, 2020


Our organization had purchased the ISO 27001 from Advisera last year. I am in need of your assistance pertaining to the ISO 27001 packet and the documents within it.

While implementing elements of ISO 27001/A.5 and A.8 elements, a few of my results pointed to the following documents/forms; however, they are NOT available in the ISO 27001 packet we purchased.

How do I obtain the following list of documents so that I may complete my asset management and controls?
    A.7.2.1 - Management responsibility
    A.8.1.3 - Acceptable use of assets
    A.9.1.1 - Access control policy
    A.12.3.1 - Information backup
    A.13.1.3 - Segregation in networks


Expert
Rhand Leal May 21, 2020

Please note that there is no specific document for control A.7.2.1 because management responsibility is documented across several documents in the toolkit, like the Information Security Policy and Management review minutes.

For further information see:

Regarding control A.13.1.3, it is important to note that Advisera's ISO 27001 Documentation Toolkit does not have a document for each and every control from ISO 27001 because of the following reasons:
1) ISO 27001 does not require each and every control to be documented
2) If the toolkit had a document for each control, there would be too many documents and this would be overkill for smaller and mid-size companies.

Since our target is SMEs, we have decided to include an optimum number of documents for companies of this size - the toolkit includes:

  • All the mandatory documents - e.g. Information Security Policy, Statement of Applicability, Risk Assessment Methodology, Access Control Policy, etc.
  • Documents that are not mandatory, but are commonly used - e.g. BYOD Policy, Classification Policy, Password Policy, Backup Policy, etc.

Documents that cover the remaining mentioned controls are located as follows:

  • A.8.1.3 - Acceptable use of assets, is covered by document IT Security Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management
  • A.9.1.1 - Access control policy, is covered by document Access Control Policy, located in folder 08 Annex A Security Controls >> A.9 Access Control
  • A.12.3.1 - Information backup, is covered by documents IT Security Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management; Security Procedures for IT Department, located in folder 08 Annex A Security Controls >> A.12 Operations Security; and Backup Policy, located in folder 08 Annex A Security Controls >> A.12 Operations Security

Please note that included in your toolkit there is a List of Documents file that can show you which clauses and controls of the standard are covered by each document.
