Expert Advice Community

Guest

Implementation support

Guest user Created:   Jul 26, 2019 Last commented:   Jul 26, 2019


Thanks for your reply. I am actually looking for implementation support for the following controls of ISO 27017: CLD.6.3.1, CLD.8.1.5, CLD.9.5.1, CLD.9.5.2, CLD.12.4.5, CLD.13.1.4.

Expert
Rhand Leal Jul 26, 2019
Also controls for ISO 27018 A.1.1, A.2.2, A.4.1, A.5.1, A.5.2, A.7.1, A.9.1, A.9.2, A.9.3, A.10.2, A.10.3, A.10.4, A.10.5, A.10.6, A.10.7, A.10.8, A.10.9, A.10.10, A.10.11, A.10.12, A.10.13, A.11.1, A.11.2.
It would be great if you provide templates or a dashboard. Looking forward to hearing from you.

Answer:

First, it is important to note that for each template you have, there is a specific version to be used with cloud environments (the version has the word "cloud" in the file name). The controls you want to implement are covered by the following templates you have:

ISO 27017
- CLD.6.3.1: Cloud Security Policy and Security Clauses for Clients, Suppliers and Partners
- CLD.8.1.5: Supplier Security Policy and Security Clauses for Clients, Suppliers and Partners
- CLD.9.5.1: Cloud Security Policy
- CLD.9.5.2: Cloud Security Policy
- CLD.12.4.5: Cloud Security Policy
- CLD.13.1.4: Cloud Security Policy

ISO 27018
- A.1.1: Policy for Data Privacy in the Cloud and Security Clauses for Clients, Suppliers and Partners
- A.2.2: Policy for Data Privacy in the Cloud
- A.4.1: Specification of Information System Requirements
- A.5.1: Policy for Data Privacy in the Cloud and Security Clauses for Clients, Suppliers and Partners
- A.5.2: Policy for Data Privacy in the Cloud
- A.7.1: Policy for Data Privacy in the Cloud
- A.9.1: Policy for Data Privacy in the Cloud and Security Clauses for Clients, Suppliers and Partners
- A.9.2: Procedure for Identification of Requirements, Information Security Policy, Cloud Security Policy, Policy for Data Privacy in the Cloud, Bring Your Own Device (BYOD) Policy, Security Procedures for IT Department, Change Management Policy, Secure Development Policy, and Supplier Security Policy
- A.9.3: For this one you need the Information Transfer Policy template (https://advisera.com/27001academy/documentation/information-transfer-policy/)
- A.10.2: Policy for Data Privacy in the Cloud
- A.10.3: Security Clauses for Clients, Suppliers and Partners
- A.10.4: Security Clauses for Clients, Suppliers and Partners, Information Transfer Policy template, and Security Procedures for IT Department
- A.10.5: Security Clauses for Clients, Suppliers and Partners, Information Transfer Policy template, and Security Procedures for IT Department
- A.10.6: Security Clauses for Clients, Suppliers and Partners, and Security Procedures for IT Department
- A.10.7: For this one you need the Disposal and Destruction Policy template (https://advisera.com/27001academy/documentation/disposal-and-destruction-policy/)
- A.10.8: For this one you need the Access Control Policy template (https://advisera.com/27001academy/documentation/access-control-policy/)
- A.10.9: Access Control Policy
- A.10.10: Access Control Policy
- A.10.11: Security Clauses for Clients, Suppliers and Partners
- A.10.12: Security Clauses for Clients, Suppliers and Partners
- A.10.13: Disposal and Destruction Policy
- A.11.1: Security Clauses for Clients, Suppliers and Partners, and Procedure for Identification of Requirements
- A.11.2: Security Procedures for IT Department

Additionally, the templates you bought include several comments that can help you customize your documents. When customizing the documents, if you have any specific doubt regarding how to make the customization, please contact us.

Regarding the order in which to implement the documents, you can follow the order presented in the List of documents file for ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit (which can be found at this link: https://advisera.com/27001academy/iso-27001-iso-27017-iso-27018-cloud-documentation-toolkit/). The order of documents in this file was designed to provide the easiest way to implement the documents.

For further information about the implementation process, please see:
- ISO 27001: An overview of the ISMS implementation process [free webinar] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/