Expert Advice Community

Conformio and Annex A controls
Guest user. Created: Jul 23, 2022. Last commented: Jul 25, 2022

I have a client who signed a contract with a big company some time ago. This client was part of a big *** advertising group and benefited from all the resources of the group, but now he has become independent and has to implement the requirements defined in the contract in order to comply with the contract he signed before. Therefore, he asked me to implement the requirements of the contract as a priority. Here are the security policies and articles that I need to put in place first. I don't know if they can be handled separately or whether I should follow the step-by-step procedure. Let me know if you need more information.

Policies to be put in place:
- Data backup policy
- Business Continuity Planning Policy
- External parties policy
- Data classification policy
- Security patch management policy
- Cryptographic standard
- Access Control Policy
- Remote Access Control Policy
- Physical and Environmental Security Policy
- Security and Privacy Incident Response Policy

Articles: A.12.2.1, A.15.1.1, A.15.1.2, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5, A.17.1.1, A.17.1.2, A.17.1.3, A.18.2.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3


Expert
Rhand Leal Jul 23, 2022

I’m assuming you want to use Conformio to implement these documents.

Considering that, to implement them in Conformio you need to follow the steps in Conformio's “ISO 27001 steps”.

As part of those steps, based on relevant risks and applicable legal requirements, Conformio will suggest to you which documents to implement.

Considering the documents you mentioned, Conformio can help you with the following documents:
- Data backup policy: Backup Policy
- Data classification policy: Information Classification Policy
- Security patch management policy: IT Security Policy
- Cryptographic standard: Policy on the Use of Encryption
- Access Control Policy: Access Control Policy
- Remote Access Control Policy: Mobile Device, Teleworking, and Work From Home Policy
- Security and Privacy Incident Response Policy: Incident Management Procedure
- Business Continuity Planning Policy: Disaster Recovery Plan
- External parties policy: Supplier Security Policy

Regarding the controls you mentioned, Conformio can help you with the following documents:
A.7.1.2:
- Confidentiality Statement
- Supplier Security Policy
A.7.2.1: All policies and procedures suggested here (responsibilities are defined alongside all documents)
A.12.2.1: IT Security Policy
A.7.2.2, A.15.1.1, and A.15.1.2: Supplier Security Policy
A.7.2.3, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.5: Incident Management Procedure
A.17.1.1 and A.17.1.2: Disaster Recovery Plan
A.17.1.3 and A.18.2.1: Internal Audit Procedure

For further information, see:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

Guest
Carlos Mendes Jul 25, 2022

Thank you very much for your help Rhand, this is exactly what I wanted to know. I will be able to go ahead with the project with peace of mind.

Have a nice day 😀
Carlos
