EU GDPR & ISO 27001 Integrated Documentation Toolkit questions
1. We have completed the GDPR Assessment (file 1.1), and most of the answers are negative since we have only just started working on the GDPR as well. It is mentioned in the file itself that "If you answered 'No' to some questions, it will indicate where you need to focus your compliance efforts."
Does this mean that we have to first work on what is missing from the GDPR hence, turn the "no's" into "yes" and then proceed with the ISO documents (Requirements, ISMS Scope etc.)? Or is there a different process we should follow?
You can work on both implementations at the same time, following the order of documents and folders as they are presented in the toolkit. The answers from the questionnaire will help you focus on the documents that cover the missing points from the GDPR.
Included in the toolkit you have a List of documents file that shows you which documents cover which requirements from both ISO 27001 and GDPR.
For example, if you identify that GDPR Article 28 needs to be addressed, you need to consider that when working on the Supplier Security Policy.
2. Once we finish the first draft(s) of our ISMS scope, we would like you to review it as part of the service package we purchased together with the documentation. Is there a certain procedure we should follow? Given that the scope is the baseline for implementing ISO 27001, we believe it would be wise to ensure that our ISMS scope is reasonable and meets all the necessary requirements.
For document review, you can simply send the document by email to our support address: support@advisera.com
Jul 04, 2022