We got a peculiar request from a customer. Although we are ISO27001 certified, a customer is insisting that we provide a full list, the following documents:
It is the first time we have been asked for this, and I was curious if you have come across it in the past and have any ideas on how to proceed.
· Context of Organisation
· ISMS Scope
· ISMG Governance
· External & Internal Issues and Interested Parties
· Risk Assessment and Treatment Methodology
· ISMS Risk Assessment: Asset Register and Risk Treatment Plan
· Information Security Policy
· Training Matrix
· ISO 27001 Training & Awareness Schedule
· Information Classification and Handling Policy
· Monitoring and Logging Policy
· Corrective Action Register
· Access Control Policy
· Acceptable Use Policy
· Production of Software Policy
· IT Procurement and Third Party Security Policy
· Incident Management Policy
· Intellectual Property Policy
Oct 07, 2022