Implementing the documentation in a very small company
Answer:
If you want to be fully compliant with ISO 27001, you should use our toolkit and go step by step through the folders and write all the required documents. However, since you have only a couple of employees, you should take care of the following:
1) You should aim to write as few documents as possible - if you open a PDF document called "List of documents" in your toolkit, you'll see which documents are mandatory - this means that you'll write other documents only if you consider them necessary.
2) Our documents are already short, but you should shorten them even more if you feel part of the text doesn't apply to you - in other words, when editing the documents you should not write "does not apply" for a particular section; simply delete that section. By the way, you will have to specify which security controls are not applicable to your company in the Statement of Applicability.
These materials will also help you:
- article The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- free online course ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 07, 2016