Expert Advice Community

Comparison between ISO 27001 Documentation Toolkit and the EU GDPR & ISO 27001 Integrated Documentation Toolkit

Guest
Nick Tsatas Created:   Nov 09, 2021 Last commented:   Nov 12, 2021

Can you please advise if all documentation under the EU GDPR & ISO 27001 Integrated Documentation Toolkit covers the documentation under ISO 27001 Documentation Toolkit documentation, as I see that there are a few differences (e.g. Business Continuity - Disaster Recovery Plan) not part of the integrated version toolkit.

Expert
Rhand Leal Nov 11, 2021

The EU GDPR & ISO 27001 Integrated Documentation Toolkit has all the documents included in the ISO 27001 Documentation Toolkit.

Please note that there are some differences in the numbering between the two toolkits, because the EU GDPR & ISO 27001 Integrated Documentation Toolkit has additional GDPR-related documents, and there are also differences between some names of templates.

For example:
- the Disaster Recovery Plan in the EU GDPR & ISO 27001 Integrated Documentation Toolkit is located in folder 14 Security Controls >> 14.A.17 Business Continuity.

- the Information Transfer Policy in the ISO 27001 Toolkit (located in folder 08 Annex A Security Controls >> A.13 Communications Security) is replaced by the Cross Border Personal Data Transfer Procedure in the EU GDPR & ISO 27001 Toolkit (located in folder 14 Security Controls >> 14.A.13 Communications Security and Personal Data Transfers).

Please let us know if you want information about the relation between other specific documents in both toolkits.

Guest
Nick Tsatas Nov 11, 2021

Thank you. Really helpful. Can you please also advise on the following:

1) 11.1 Measurement Report in the ISO 27001 is Not Referenced as Mandatory, whereas in the integrated toolkit it is 17.1 Measurement Report - Referenced as Mandatory

2) A.16.1 Appendix 1 - Incident Log can you please advise where that is referenced in the integrated toolkit?

3) Can you please advise where the below are included in the ISO-27001 toolkit

14.A.13.1
Includes Annex 1 – Standard Contractual Clauses for the Transfer of Personal Data to Controllers applicable to ISO-27001
14.A.13.2
Includes Annex 2 – Standard Contractual Clauses for the Transfer of Personal Data to Processors applicable to ISO-27001

Expert
Rhand Leal Nov 12, 2021

1) 11.1 Measurement Report in the ISO 27001 is Not Referenced as Mandatory, whereas in the integrated toolkit it is 17.1 Measurement Report - Referenced as Mandatory

First of all, sorry for this confusion.

The Measurement Report is to be considered mandatory.

Please note that the Measurement Report is related to ISO 27001 clauses 6.2 and 9.1, and both require documented information about security objectives (clause 6.2) and monitoring and measurement results (clause 9.1).

2) A.16.1 Appendix 1 - Incident Log can you please advise where that is referenced in the integrated toolkit?

In the integrated toolkit, the document to be used to log incidents is the Data Breach Register, located in folder 14 Security Controls >> 14.A.16 Incident Management and Data Breaches.

3) Can you please advise where the below are included in the ISO-27001 toolkit

14.A.13.1
Includes Annex 1 – Standard Contractual Clauses for the Transfer of Personal Data to Controllers applicable to ISO-27001
14.A.13.2
Includes Annex 2 – Standard Contractual Clauses for the Transfer of Personal Data to Processors applicable to ISO-27001

The requirements regarding privacy applicable only for ISO 27001 are covered in the Information Transfer Policy, located in folder 08 Annex A Security Controls >> A.13 Communications Security.
