Expert Advice Community

Contradictions between Toolkits and video tutorials

Guest user. Created: May 03, 2021. Last commented: May 03, 2021.

We are confused and ask for your clarification of the contradiction we found between the ISO 27000 video tutorial 103: ISMS Policy and the Integrated ISO 27000/EU GDPR Toolkit.

The video tutorial is focused on the Information Security Management System Policy implementation based on a document template from the Toolkit. However, in the Integrated ISO 27000/EU GDPR Toolkit there is a document named Information Security Policy Integrated whose content differs from that shown in the tutorial. The ISMS Policy template is missing in Conformio too.

There is no video tutorial available for Information Security Policy implementation.

Are those policies different? Please be so kind as to clarify the content contradiction between those two sources.

Expert
Rhand Leal May 03, 2021

Please note that ISO 27001:2013 defines the "Information Security Policy" as the top-level policy; however, the old 2005 revision of ISO 27001 called this document the "ISMS Policy".

So, the ISMS Policy and the Information Security Policy are the same document.

Regarding the elements of GDPR included in this Information Security Policy, they do not require customization, so a video tutorial with specific GDPR content for filling in the Integrated ISO 27001 & GDPR Information Security Policy is not required. In case you find any differences between the templates and video tutorials, please consider the template as the most updated version.

For more information, see:
