Creating policies and procedures: Stage of implementation
Answer:
Generally, the creation of policies and procedures begins after the risk assessment & treatment, because you will need policies and procedures to implement the security controls.
Regarding your second question, the first policy that you can write is the top-level information security policy.
Anyway, remember that there are some mandatory policies and procedures that you need for the implementation of ISO 27001:2013, which you can see here: “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
This article may also be interesting for you: “How to structure the documents for ISO 27001 Annex A controls”: https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
And also this one: “ISO 27001 implementation checklist”: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Finally, our online course may also be interesting for you, because we give more information about how to implement policies and procedures: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
May 24, 2016