Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Expert Advice Community

Guest

Filling documentation

  Quote
Guest
Guest user Created:   Sep 05, 2017 Last commented:   Sep 05, 2017

Filling documentation

We're a gaming software company who runs XXXX. Last month we've acquired UKGC license, and we have to do security audit with ISO 27001.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 05, 2017

We're advised to finish security audit until this Oct 1st, otherwise it will become more difficult (new items will be added).

1 - Do you think we can finish the documentation in a week?

Answer: No, it is not possible to finish the whole documentation for ISO 27001 in a week because: (1) you will have to write at least a dozen documents (for a smaller company), up to ca 50 documents for a mid-sized company, (2) each document needs to be agreed, reviewed and approved by a couple of people, and most importantly (3) it will take a while before your employees start changing their activities according these new rules.

Here are a couple of materials that will help you:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- ISO 27001 / ISO 22301 Implementation Duration Calculator htt p://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
- How long does it take to implement ISO 27001 https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/

2 - What is the most time consuming part while doing security audit?

Answer: The most time consuming part is the audit of implemented practices, because you have to walk around the company and talk to employees, check the computers and other equipment, observe physical security, among other things. To help you go through this as quickly as possible, it is crucial to have a checklist of things you have to check.

These articles will provide you further explanation about performing an audit:
- 7 ways to improve the internal audits of your ISO 27001 ISMS https://advisera.com/27001academy/blog/2017/08/28/7-ways-to-improve-the-internal-audits-of-your-iso-27001-isms/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding documentation and auditing:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 05, 2017

Sep 05, 2017