Documentation toolkit content

Guest user Created:   Oct 24, 2017 Last commented:   Oct 24, 2017


A question about the template package: I was reviewing the book "Safe and Easy", and chapter 5.1, "Understanding the context of your organization", states that the following documentation is mandatory:

Information security objectives, risk assessment results (usually in the form of a risk assessment report), employee competence records (usually in the form of certificates) and a list of legal, statutory, regulatory and contractual provisions.

However, we do not know where to find those templates in the document package I have purchased. Please help.

Expert
Rhand Leal Oct 24, 2017

Answer: Included in your toolkit (in the root folder) there is a List of Documents file that shows you which clause of the standards each template is related to. In this file you will find this information:

- Information security objectives (required by clause 6.2) are covered by the "Information Security Policy" template, located in the folder 04 Information Security Policy, and the "Statement of Applicability" template, located in the folder 06 Statement of Applicability.
- Risk assessment results (required by clause 6.1.2) are covered by the "Risk Assessment Table" template and the "Risk Assessment and Risk Treatment Report" template, both located in the folder 05 Risk Assessment and Risk Treatment Methodology.
- Risk treatment results (required by clause 6.1.3) are covered by the "Risk Treatment Table" template, located in the folder 05 Risk Assessment and Risk Treatment Methodology, and the "Risk Treatment Plan" template, located in the folder 07 Risk Treatment Plan.
- List of legal, statutory, regulatory and contractual provisions (required by clauses 4.2 and A.18.1.1) is covered by the "List of Legal, Regulatory, Contractual and Other Requirements" template, located in the folder 02 Procedure for Identification of Requirements.

There is no specific template for employee competence records, because we consider that organizations already have their own templates, as do the training providers (they already have their own certificate forms).