Information Security Policies and Procedures

1 - Can you have a look at the document (for review proposes)? The document will be sent once you confirm.

Yes, you can send us the finished document for an expert review. In your package, you have the option of the review of 5 documents.

2 - What do you recommend, shall I keep all Information Security policies and procedures in 1 document or shall I keep every policy in 1 document and the procedures in also in another document.

ISO 27001 does not prescribe how documentation must be elaborated, so organizations can develop them the way it best suits their needs.

The main criteria to decide to merge documents or not are if they have similar purposes and if by merging them they would not become a document too big to understand and read. So, if your single document does not become too big to use and manage it may be best to merge them, so you have fewer documents to manage in your ISMS.

These articles will provide you with a further explanation about developing policies:

• One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
• 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
• How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/