Expert Advice Community

Becoming compliant with ISO 27001

Guest user Created: Feb 14, 2018 Last commented: Feb 14, 2018

I have been given the task of ensuring that within our network groups "2 separate units" I shall prepare and plan for the necessary step to be compliant to ISO 27001.

Expert
Rhand Leal Feb 14, 2018

• Which policies / policies shall be present and which shall I recommend to apply?
• Which processes and procedures should support my approach to secure that we do as we say we will do as attendee?
• Which controls should I set up and carry out to check that we follow the processes and procedures?

Answer: First of all, sorry for the late answer.

Although ISO 27001 defines some common requirements that must be implemented by any organization (e.g., control of documents and records, internal audit, management review, etc.), more specific policies, processes, procedures and controls should be tailored to each organization's purposes and needs, as a result of risk assessments, so there is no definitive answer to your questions.
- In terms of policies, the mandatory one to be documented is the Information Security Policy. For network segregation you should consider at least an Access Control Policy and an Acceptable Use Policy, to help guide how these network groups are separated and how they can interact with each other. Other policies (related to ISO 27001 Annex A) should be defined considering the results of the risk assessment.
- In terms of processes and procedures, the mandatory one to be documented is the risk assessment and risk treatment methodology. At least a change management process should be considered so you can ensure changes in network groups are properly authorized and implemented. Other processes and procedures should be defined considering the results of the risk assessment.
- To ensure the processes and procedures are being followed you have to keep records of the following: records of training, skills, experience and qualifications; monitoring and measurement results; the internal audit program; results of internal audits; results of the management review; and results of corrective actions. Although there is no standard requirement for these processes to be documented, you should consider implementing an internal audit procedure as a good practice.

These articles will provide you further explanation about implementing ISO 27001 and network related controls:
- WHAT IS ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
- How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/

These materials will also help you regarding implementing ISO 27001 and network related controls:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
