I have a client who signed a contract with a big company some time ago and this client was part of a big *** advertising group and benefited from all the resources of the group, but now he has become independent and has to implement the requirements defined in the contract in order to comply with the contract he signed before.
Therefore, he asked me to implement the requirements of the contract as a priority.
Here are the security policies and articles that I need to put in place first.
I don't know whether they can be handled separately or whether I should follow a step-by-step procedure.
Let me know if you need more information.
Policies to be put in place:
Data backup policy
Business Continuity Planning Policy
External parties policy
Data classification policy
Security patch management policy
Access Control Policy
Remote Access Control Policy
Physical and Environmental Security Policy
Security and Privacy Incident Response Policy
Articles: A.12.2.1, A.15.1.1, A.15.1.2, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5, A.17.1.1, A.17.1.2, A.17.1.3, A.18.2.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3
I'm assuming you want to use Conformio to implement these documents.
Considering that, to implement them in Conformio you need to follow the steps in the Conformio "ISO 27001 steps".
As part of those steps, based on the relevant risks and applicable legal requirements, Conformio will suggest to you which documents to implement.
Considering the documents you mentioned, Conformio can help you with the following documents:
- Data backup policy: Backup Policy
- Data classification policy: Information Classification Policy
- Security patch management policy: IT Security Policy
- Cryptographic standard: Policy on the Use of Encryption
- Access Control Policy: Access Control Policy
- Remote Access Control Policy: Mobile Device, Teleworking, and Work From Home Policy
- Security and Privacy Incident Response Policy: Incident Management Procedure
- Business Continuity Planning Policy: Disaster Recovery Plan
- External parties policy: Supplier Security Policy
Regarding the controls you mentioned, Conformio can help you with the following documents:
- A.7.1.2: Confidentiality Statement, Supplier Security Policy
- A.7.2.1: All policies and procedures suggested here (responsibilities are defined alongside all documents)
- A.12.2.1: IT Security Policy
- A.7.2.2, A.15.1.1, and A.15.1.2: Supplier Security Policy
- A.7.2.3, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5: Incident Management Procedure
- A.17.1.1 and A.17.1.2: Disaster Recovery Plan
- A.17.1.3 and A.18.2.1: Internal Audit Procedure
For further information, see:
- How to structure the documents for ISO 27001 Annex A controls: https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/