Guest user Created: Oct 29, 2021 Last commented: Oct 29, 2021

Combining the ISO 27001 policies into one manual

Hi Dejan, I hope you are well? I have been requested by one of my seniors to combine all of the ISO27001 into one manual handbook. I was wondering is this practice a good idea? Also if its ok to do how does this apply to version controls and review etc. As always you and your team’s advice is highly respected and regarded.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 29, 2021

Although it is acceptable by the standard to combine all of the ISO27001 documents into one manual handbook, in most cases, it is not a good idea, because if you put all the policies and procedures into a single document this will make the reading of such a document very difficult.

Regarding version control and review, they would be performed the same way if documents are separately documented, but updated information will be consolidated in a single document.

This article will provide you a further explanation about ISMS Manual:

Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/

This material will also help you regarding ISMS documentation:

Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 29, 2021

Expert Advice Community