Developing policies and procedures
Assign topic to the user
Answer:
The main advice is to keep these documentation as simple as possible, including only what is demanded by legal requirements, like contracts, laws and regulations, or what will certainly increase efficiency and effectiveness. An additional tip is to write considering your target audience, avoiding unnecessary jargon.
These articles will provide you further explanation about developing policies and procedures:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
Regarding ISO 27001, I suggest you these material so you can have a better understanding of this standard and its benefits:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 Foundations course https://advisera.com/training/iso-27001-foundations-course/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Comment as guest or Sign in
Oct 22, 2018