Created: Sep 15, 2021 Last commented: Sep 17, 2021

Conformio ISO Documentation

Hi! Have a few questions about documentation. So for the ISMS project, there is an IT security policy doc which includes e.q.: 3.12. Clear desk and clear screen policy 3.11. Password responsibilities 3.9. Authorizations for information system use 3.7. Backup procedure Should it all be in one document (IT Security Policy) or we can divide them and use them by each?

Tags: ISMS, Product: Conformio

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Sep 17, 2021

ISO 27001 does not prescribe how documents should be grouped, so organizations can develop documents as best fit their needs.

Besides the IT security policy, Conformio provides the following templates that you can use to split these items:
- Password Policy
- Clear Desk and Clear Screen Policy
- Backup Policy

In case you use the additional items, the same elements in the IT Security Policy will be automatically excluded.

For “Authorizations for information system use”, they are regulated through the Access Control Policy, whereas the authorizations themselves can be done simply through email, no specific type of record is needed.

For further information, see:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 15, 2021

Sep 17, 2021

Expert Advice Community