Guest user Created: Oct 22, 2018 Last commented: Oct 22, 2018

Developing policies and procedures

I just started a job that is about IT policies and documentation and I have no experience about this job so I need some advice from a person who knows this subjects so well like you. Do you have any advice for me ? And also my company is considering to get ISO 27001. I am looking forward an answer from you. Thank you.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 22, 2018

Answer:

The main advice is to keep these documentation as simple as possible, including only what is demanded by legal requirements, like contracts, laws and regulations, or what will certainly increase efficiency and effectiveness. An additional tip is to write considering your target audience, avoiding unnecessary jargon.

These articles will provide you further explanation about developing policies and procedures:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Regarding ISO 27001, I suggest you these material so you can have a better understanding of this standard and its benefits:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 Foundations course https://advisera.com/training/iso-27001-foundations-course/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 22, 2018

Expert Advice Community