Expert Advice Community

Guest

Doubts about the package of documents to buy

  Quote
Guest
Guest user Created:   Sep 15, 2022 Last commented:   Sep 15, 2022

Doubts about the package of documents to buy

Hello, I would like your advice on what package of documents is useful for me to work on some rules and policies of ISO 27,000.

I have to comply with these points:

1. Secure management of electronic and paper information (secure means of printing, storage, transfer).

2. Timely management of critical and security updates of the operating systems of any equipment and corporate applications that receive, process and/or protect CLIENT information.

3. Correct administration of the antivirus systems that protect the equipment that receives, processes and/or protects the CLIENT's information.

4. Appropriate controls to protect against unauthorized access to IMR's corporate networks (protection of wired and wireless networks, intrusion detection, etc.).

5. Adequate controls over the privileges/profiles of all users, as well as administrative permissions exclusively to prevent the installation of unauthorized software, blocking of portable applications, games, unauthorized programs and any other code or executable files that could put at risk the information that is processed in the equipment with access to CLIENT information.

6. Appropriate controls for good use of internet connectivity, taking care that CLIENT information cannot be exposed in services such as public email, instant messaging, social networks, discussion forums, file sharing sites, among others. .

7. Appropriate procedures for the correct administration of Security Incidents (information theft, misuse of information, damage to equipment with CLIENT information, among others).

8. Appropriate controls for access to equipment containing CUSTOMER information, procedures for managing users due to employee termination or role changes, etc.

9. Correct controls to guarantee the integrity of the equipment when it is unattended (automatic locks with screen protection, physical locks to secure equipment, etc.).

10. Correct and complete documentation to ensure that the personnel who access the CLIENT's information have complied with a formal hiring process, signature of confidentiality agreements, among others.

11. Appropriate procedures to control confidentiality agreements with third parties, indicating the prohibition of contracting/sharing/accessing CLIENT information with unauthorized third parties, without having previously documented the CLIENT's authorization.

0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 15, 2022

To comply with the point you listed you can use the ISO 27001 documentation toolkit (https://advisera.com/27001academy/es/paquete-de-documentos-sobre-iso-27001/). Some documents in this toolkit that can help fulfill some of your points are:
- Information Classification Policy (point 1 )
- Security Procedures for IT Department (points 2, 3, 4, 5, and 6 )
- IT Security Policy (points 2, 3, 6, and 9)
- Access Control Policy (points 5 and 8)
- Incident Management Policy (point 7 )
- Statement of Acceptance of ISMS Documents (points 10 and 11)
- Confidentiality Statement (points 10 and 11 )

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 15, 2022

Sep 15, 2022

Suggested Topics

Guest user Created:   Jun 10, 2024 ISO 27001 & 22301
Replies: 1
0 0

Non-mandatory documents

Brad Created:   Apr 22, 2024 ISO 27001 & 22301
Replies: 1
0 0

Custom Edit Documents