Expert Advice Community

Extended controls documentation

Guest
Guest user Created:   Nov 23, 2021 Last commented:   Jun 15, 2022

I can’t find the ISO-27018 Extended controls documentation. Kindly get me the information.

Expert
Rhand Leal Nov 23, 2021

Please note that the ISO 27001 Documentation Toolkit you bought does not contain references to ISO 27018 clauses and controls.

Documents compliant with ISO 27018 can be found in the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit (https://advisera.com/27001academy/product-tour/#iso27001-iso27017-iso27018).

For further information, see:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

Guest
Erik A Jun 08, 2022

Sorry, we believe $997 is pricey and that list of documents is overkill. FYI, we have been an ISO27001 certified company since 2015 and already have the basics.

So, your team member Marko suggested these 23 documents:

  1. Procedure for Identification of Reqs
  2. Appendix 1 - List of Legal, Regulatory, Contractual and Other Requirements
  3. IS Policy
  4. Cloud Security Policy
  5. Policy for Data Privacy in the Cloud
  6. SoA
  7. Mobile Device & Teleworking Policy
  8. Confidentiality Statement
  9. Statement of Acceptance of ISMS Docs
  10. Assets Inventory
  11. Info Classification Policy
  12. Access Control Policy
  13. Password Policy
  14. Encryption Policy
  15. Disposal and Destruction Policy
  16. Security Procedures for IT Department
  17. Chg Mgmt Policy
  18. Backup Policy
  19. Secure Development Policy
    1. Appendix 1
  20. Supplier Security Policy
  21. Security Clauses for Clients, Suppliers and Partners
  22. Incident Management Procedure
  23. Appendix 3 – Internal Audit Checklist

Which is based on the Checklist PDF that Advisera developed.

This, in turn, has pushed down the price tag to $582 only, which saves us budget. What do you think?

Expert
Rhand Leal Jun 15, 2022

It is fine if you use only the complementary document which covers the specifics of ISO 27017 and ISO 27018.

However, please be advised that these documents were made for companies that want to implement all 3 standards (ISO 27001, ISO 27017, and ISO 27018), and that ISO 27017 and ISO 27018 sections are not specifically marked in the text.

By the way, in case you do not need the Disposal and Destruction Policy, the Change Management Policy, and the Backup Policy as separate documents, you can skip those and use only the Security Procedures for the IT Department (the content of these policies is included in this template).
