How to update ISMS policy and risk assessment
Thanks for reading my blog. Regarding the maintenance of your documents:
1) You should nominate owners for each of your documents, and those owners should review the documents and decide if they need to be updated
2) For risk assessment you should send the previous year's risk assessment sheets to all the asset owners (or risk owners if you have them) and ask them if there are some new risks, and if the values of the existing risks have changed
3) Very important - you need to produce all the records that are required by ISO 27001 and by your documentation - with those records you will show that you are doing everything that is required in your documentation.
If you still haven't transitioned to the 2013 revision of ISO 27001, you have to do so by September 2015 at the latest - here are the steps: https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
Jan 12, 2016