Expert Advice Community

Guest

Conformio ISO Documentation

  Quote
Guest
Rena Created:   Sep 15, 2021 Last commented:   Sep 17, 2021

Conformio ISO Documentation

Hi!

Have a few questions about documentation. So for the ISMS project, there is an IT security policy doc which includes e.q.:

3.12. Clear desk and clear screen policy

3.11. Password responsibilities

3.9. Authorizations for information system use

3.7. Backup procedure

 

Should it all be in one document (IT Security Policy) or we can divide them and use them by each?

 

Tags: ISMS
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 17, 2021

ISO 27001 does not prescribe how documents should be grouped, so organizations can develop documents as best fit their needs.

Besides the IT security policy, Conformio provides the following templates that you can use to split these items:
- Password Policy
- Clear Desk and Clear Screen Policy
- Backup Policy

In case you use the additional items, the same elements in the IT Security Policy will be automatically excluded.

For “Authorizations for information system use”, they are regulated through the Access Control Policy, whereas the authorizations themselves can be done simply through email, no specific type of record is needed.

For further information, see:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 15, 2021

Sep 17, 2021

Suggested Topics

Guest user Created:   Sep 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Sample data for MSP

Guest user Created:   Feb 19, 2018 ISO 27001 & 22301
Replies: 1
0 0

Toolkit content