Conformio and Annex A controls
I’m assuming you want to use Conformio to implement these documents.
Considering that, to implement them in Conformio you need to follow the steps in Conformio “ISO 27001 steps”.
As part of the steps, based on relevant risks and applicable legal requirements, Conformio will suggest to you which documents to implement.
Considering the documents you mentioned, Conformio can help you with the following documents:
- Data backup policy: Backup Policy
- Data classification policy: Information Classification Policy
- Security patch management policy: IT Security Policy
- Cryptographic standard: Policy on the Use of Encryption
- Access Control Policy: Access Control Policy
- Remote Access Control Policy: Mobile Device, Teleworking, and Work From Home Policy
- Security and Privacy Incident Response Policy: Incident management procedure
- Business Continuity Planning Policy: Disaster recovery plan
- External parties policy: Supplier security policy
Regarding the controls you mentioned, Conformio can help you with the following documents:
A.7.1.2:
- Confidentiality Statement
- Supplier Security Policy
A.7.2.1: All policies and procedures suggested here (responsibilities are defined alongside all documents)
A.12.2.1: IT Security Policy
A.7.2.2, A.15.1.1, and A.15.1.2: Supplier Security Policy
A.7.2.3, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5: Incident Management Procedure
A.17.1.1 and A.17.1.2: Disaster Recovery Plan
A.17.1.3 and A.18.2.1: Internal Audit Procedure
For further information, see:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Thank you very much for your help Rhand, this is exactly what I wanted to know. I will be able to go ahead with the project with peace of mind.
Have a nice day 😀
Carlos
Jul 25, 2022