Expert Advice Community

Guest

Documentation of requirements

  Quote
Guest
Guest user Created:   Sep 24, 2021 Last commented:   Sep 24, 2021

Documentation of requirements

I checked the document one by one against the ISO27001 Standard. Below is the clause that I could not find being addressed in your ISO27001 Documentation Toolkit. Could you please confirm whether the toolkit is tailored to the specific organization or environment? 4.1 Understanding the organization and its context 5.1 Leadership and commitment 6.1 Actions to address risks and opportunities 6.1.1 General 7.1 Resources The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system. 7.4 Communication 8.1 Operational planning and control 9.1 Monitoring, measurement, analysis and evaluation 10.2 Continual improvement The organization shall continually improve the suitability, adequacy and effectiveness of the information security management system. A.5.1.1 Policies for information security A.5.1.2 Review of the policies for information security A.6.1.1 Information security roles and responsibilities A.6.1.2 Segregation of duties A.6.1.3 Contact with authorities A.6.1.4 Contact with special interest groups A.6.1.5 Information security in project management A.7.2.1 Management responsibilities A.7.3.1 Termination or change of employment responsibilities A.9.4.2 Secure log-on procedures A.9.4.4 Use of privileged utility programs A.9.4.5 Access control to program source code A.11.1.1 Physical security perimeter A.11.1.3 Securing offices, rooms and facilities A.11.1.4 Protecting against external and environmental threats A.11.1.6 Delivery and loading areas A.11.2.1 Equipment siting and protection A.11.2.2 Supporting utilities A.11.2.3 Cabling security A.11.2.4 Equipment maintenance A.12.1.3 Capacity management A.12.1.4 Separation of development, testing and operational environments A.12.4.4 Clock synchronisation A.12.6.1 Management of technical vulnerabilities A.12.7.1 Information systems audit controls A.13.1.3 Segregation in networks A.14.2.3 Technical review of applications after operating platform changes A.17.1.1 Planning information security continuity A.17.1.3 Verify, review and evaluate information security continuity A.17.2.1 Availability of information processing facilities A.18.1.3 Protection of records A.18.1.4 Privacy and protection of personally identifiable information A.18.2.1 Independent review of information security A.18.2.2 Compliance with security policies and standards A.18.2.3 Technical compliance review
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 24, 2021

Please note that our ISO 27001 Documentation Toolkit covers all mandatory documents and some documents that are not mandatory. Many of the clauses and controls you mentioned do not need to be documented according to the standard, and in our opinion, it would be an overhead to document each and every one of them in a small company. 

Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution.

This article will also help you:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 24, 2021

Sep 24, 2021