Integrating ISO 27001 to business

Guest user Created: Apr 05, 2018 Last commented: Apr 05, 2018

1 - I would like to know more about the elements of document control procedures, corrective and preventive actions and internal audit. How specifically will I put this into the documentation of the company where I am an intern? In addition to document control procedures, corrective and preventive actions and internal audit: roles and responsibilities of employees, suppliers and third parties; terms and conditions of employment; operating procedures for information processing facilities.

Expert
Rhand Leal Apr 05, 2018

(1 - I would like to know more about the elements of document control procedures, corrective and preventive actions and internal audit. How specifically will I put this in the company's documentation what stage? In addition to document control procedures, corrective and preventive actions and internal audit, roles and responsibilities of employees, suppliers and third parties, contracting terms and conditions, operating procedures of information processing facilities.)

Answer: For detailed information about the issues you stated, I suggest these articles:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/

Regarding how you can implement these in your organization, you must first identify your organization's approach toward document control. If your organization has no document control procedure at all, I suggest you take a look at the free demo of our Procedure for Document and Record Control at this link: https://advisera.com/27001academy/documentation/procedure-for-document-and-record-control/

Regarding contracting terms and conditions and operating procedures of information processing facilities, their content will depend on the results of a risk assessment to identify the relevant risks that must be treated.

These articles will provide you further explanation about ISO 27001:
- ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
- ISO 27001:2013 Internal Auditor course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/

2 - How would these audits be carried out?

(2- How would these audits be done?)

Answer: Performing internal audits follows these general steps:
- Audit planning
- Audit performing
- Audit report
- Audit treatments follow-up

In the previous answer you can find additional references.

3 - What is possible, practical and acceptable to prepare in tables?

(3 - What is possible, practical and acceptable to elaborate by tables?)

Answer: ISO 27001 does not define how to implement the documentation (it only requires that documents and records be controlled), so organizations are free to implement them as they see fit. So, tables are acceptable as a means to control documents if they can fulfill the standard's requirements.

This article will provide you further explanation about document elaboration:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/