A question about the package of templates... I was reviewing the book "Seguro y Fácil", and chapter 5.1 talks about "Understanding the context of your organization", where it indicates that the following documentation is mandatory:
Information security objectives, risk assessment results (usually in the form of a risk assessment report), employee competence records (usually in the form of certificates) and the list of legal, statutory, regulatory and contractual provisions.
However, we do not know where to find those templates in the package of documents I have purchased. Your support, please.
Answer: Included in your toolkit (in the root folder) there is a List of Documents file that shows you which clause of the standards each template is related to. In this file you will find this information:
- Information security objectives (required by clause 6.2) are covered by the "Information Security Policy" template, located in the folder 04 Information Security Policy, and the "Statement of Applicability" template, located in the folder 06 Statement of Applicability.
- Risk assessment results (required by clause 6.1.2) are covered by the "Risk Assessment Table" template and the "Risk Assessment and Risk Treatment Report" template, both located in the folder 05 Risk Assessment and Risk Treatment Methodology.
- Risk treatment results (required by clause 6.1.3) are covered by the "Risk Treatment Table" template, located in the folder 05 Risk Assessment and Risk Treatment Methodology, and the "Risk Treatment Plan" template, located in the folder 07 Risk Treatment Plan.
- List of legal, statutory, regulatory and contractual provisions (required by clauses 4.2 and A.18.1.1) is covered by the "List of Legal, Regulatory, Contractual and Other Requirements" template, located in the folder 02 Procedure for Identification of Requirements.
There is no specific template for employee competence records, because we consider that organizations already have their own templates, as do the training providers (they already have their own certificate forms).