My company has purchased your workshop and documentation toolkit for the ISO 27001 Implementation. We are working on the documents and the statement of Applicability is posing a real challenge.
One thing though I want to be clear on, in your documentation, folder 02 (General policies), I see the information security document which is a relatively short document and not very detailed. However, in the statement of Applicability, I see reference is made many times to the IT Security Policy, which means it should be quite an extensive document.
Please is the Information Security Policy the same as the IT Security Policy?