Expert Advice Community

Infosec policies

Guest user | Created: Sep 20, 2019 | Last commented: Sep 21, 2019

I found a simplified security policy which encapsulates a lot of the policies provided in the tool kit but at a higher level. Would something like this be appropriate for our implementation of ISO 27k and would it be appropriate for an audit?

Expert
Rhand Leal Sep 21, 2019

If this simplified security policy covers all requirements from the standard, properly addresses the results of risk assessment and the legal requirements your organization must fulfill, and is understood and easily handled by your employees, then it is acceptable by ISO 27001 requirements and certification auditors.

Regarding our toolkit, we haven’t found a proper policy format that would meet all those criteria, so this is why we recommend the usage of the documents from the toolkit.

These articles will provide you with further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
