Expert Advice Community

Implementation of policies

Guest user Created:   Oct 19, 2019 Last commented:   Oct 19, 2019

We are now starting the implementation of Information Security ISO 27001. I am in the phase of preparing control implementation of the policies. I'm facing difficulties with starting to work on it.

Expert
Rhand Leal Oct 19, 2019

To implement policies you must consider:

  • Study the requirements you must fulfill (e.g., contracts, laws, regulations, etc.)
  • Take into account the results of your risk assessment, to determine which issues you have to address in your document, and the level of detail
  • Optimize and align your document(s) (i.e., define the total number of documents)
  • Structure your document (observe your corporate rules for formatting the document)
  • Write your document (basically, the smaller the organization and the smaller the risks, the less complex your document will be)
  • Get your document approved
  • Training and awareness of your employees

These articles will provide you with further explanation about policy development and implementation:

- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

To see what policies and procedures for ISO 27001 look like, I suggest taking a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
