ICT policies and controls
Answer: First of all, you have to identify which requirements your policies must comply with and, considering ISO 27001, which risks you must treat with these policies. After that you have to ensure your policies are all aligned, so no conflicting rules will exist, write your policies, get them approved and train your employees, so they know what is expected from them.
These articles will provide you further explanation about implementing policies:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- 12 steps for ISO 20000 implementation https://advisera.com/20000academy/blog/2016/09/06/12-steps-for-iso20000-implementation/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
2 - How would you gather IT procedures?
Answer: The way you gather your policies will depend mainly on your organizational context, but as a general model, you may consider procedures related to final users, procedures for technical staff and procedures for management personnel.
These articles will provide you further explanation about managing documentation:
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
- How to structure ISO 20000 documentation https://advisera.com/20000academy/blog/2016/09/27/how-to-structure-iso20000-documentation/
3 - What steps will you take to implement ICT best practices within the organisation?
Answer: The first step is the definition of which best practices you intend to use (e.g., ITIL, ISO, COBIT), based on requirements you have to fulfill. The following steps are the same as described in the answer for question 1.
These articles will provide you further explanation about best practices:
- ISO 27001 vs. ISO 20000 matrix https://info.advisera.com/27001academy/free-download/iso-27001-vs-iso-20000-matrix
- How to integrate ISO 27001, COBIT, and NIST https://info.advisera.com/27001academy/free-download/how-to-integrate-iso-27001-cobit-and-nist
Feb 27, 2018