Expert Advice Community


Compliance with ISO 27001

Guest user, created Feb 28, 2017, last commented Feb 28, 2017


1 - I had gone through the documents and I am still trying to understand how to identify which policies are mandatory / important / least important for making an organisation ISO 27001 compliance ready, and what actions are to be taken to ensure the organisation is ready for ISO certification compliance.


Expert
Rhand Leal Feb 28, 2017

Answer: For the identification of the mandatory documentation needed for compliance with ISO 27001, I suggest you take a look at this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Regarding the identification of documentation importance, I suggest you take a look at this article: 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

Regarding the actions to be taken to ensure an ISMS is ready for certification, I suggest you see this article: ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

2 - Also, during the assessment, there might be chances that some of the solutions, i.e. Access Control, Incident Management, do not exist at all. In that case, what would be the action item, because due to budget constraints some of the solution deployments may not be feasible this year? Is there any alternative available to make us compliant without putting the actual solution in place?

Answer: In some cases, it is possible to implement a control at some later time; however, you need to fulfill the following: (1) there is no major risk with pending treatment, (2) the Risk Treatment Plan clearly defines that the control will be implemented at a later date, and (3) the risk owners have accepted the risks related to the control that will be implemented later.

These materials will also help you regarding compliance with ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
