
Expert Advice Community


Consultation to ISO 27001 documentation

Guest user Created:   Jun 17, 2022 Last commented:   Jun 17, 2022


1. Within the points that are detailed in the ISO 27001 templates, there is no point related to sanctions. Is it possible to place this point within the corresponding documents, to detail which (labor) reprimands would result from failure to comply with any of the guidelines of X Policy?

2. I have another query: within the Business Impact Questionnaire, must this be done for each activity that is managed in the organization, or can several activities be placed in a single questionnaire? If the answer is YES, please indicate how to do this. https://i.imgur.com/B9697X0.png

Expert
Rhand Leal Jun 17, 2022

1. Within the points that are detailed in the ISO 27001 templates, there is no point related to sanctions. Is it possible to place this point within the corresponding documents, to detail which (labor) reprimands would result from failure to comply with any of the guidelines of X Policy?

A reference to the disciplinary process is included in the Incident Management Procedure, section 3.6 – Disciplinary actions. This document is located in folder 08 Annex A Security Controls >> A.16 Information Security Incident Management.

As a suggestion you may also consider including reference to sanctions in the following documents:

  • Confidentiality Statement, included in folder 08 Annex A Security Controls >> A.7 Human Resource Security
  • Statement of Acceptance of ISMS Documents, included in folder 08 Annex A Security Controls >> A.7 Human Resource Security
  • Employment contract, as defined by the organization's HR department

For further information, see:
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/

2. I have another query: within the Business Impact Questionnaire, must this be done for each activity that is managed in the organization, or can several activities be placed in a single questionnaire? If the answer is YES, please indicate how to do this.

Our recommendation is to perform the BIA for each department, so you can use a single BIA questionnaire for activities from the same department.

For example, you may use a single questionnaire to cover activities from the HR department (e.g., payroll, benefits, training, etc.), but it is not recommended to use one questionnaire to cover HR and SW development activities.

You can use the Activity description field in the BIA questionnaire form to specify which activities are included in the questionnaire.

For further information, see:
