Expert Advice Community

Guest

Documentation package content

  Quote
Guest
Guest user Created:   Aug 01, 2023 Last commented:   Aug 01, 2023

Documentation package content

I'm not quite convinced of the new documentation package for 2022.
In the package for ISO 27001 from 2017, the documents have been named consecutively based on the subdivisions.
For example, under area A10, the document Guidelines for the use of encryption was created based on the controls A10.1.1, A10.1.2 and A18.1.5

https://i.imgur.com/cUjQiuZ.png

According to the new classification of the controls appendix A 2022, the controls 2017 for cryptography go to department 8 Technological Controls appendix A 2022

In the control A8.24 over. However, your documents are not subdivided and subdivided according to the new ISO in the appendix, but are included

Only the departments Security Measures, Training and Awareness, Internal Audit etc.

Where can I find the documents on the other measure terms such as 5. Organizational Controls, 6. People Controls, 7. Physical Controls and 8. Technological Controls?

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 01, 2023

The Documentation Toolkit based on ISO 27001:2022 is organized differently from version 2017 of the toolkit.

Documents based on the controls from ISO 27001:2022 Annex A are located in folder 09 Annex A Security Controls. The documents are not organized considering section 5. Organizational Controls, 6. People Controls, 7. Physical Controls and 8. Technological Controls because most documents cover controls from multiple sections and this kind of organization wouldn’t make sense.

For example:

  • the template Clear Desk and Clear Screen Policy covers physical (A.7.7 - Clear desk and clear screen), and technological (A.8.1 - User endpoint devices) controls
  • the template Bring Your Own Device (BYOD) Policy covers organizational (A.5.14 - Information transfer), people (A.6.7 - Remote working), and technological (A.8.1 - User endpoint devices) controls
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 01, 2023

Aug 01, 2023