
Expert Advice Community

ISMS 27001 processes

Guest user Created:   May 17, 2022 Last commented:   May 17, 2022

I am in the process of setting up the ISMS with your toolkit. What I miss (or haven't found) are the processes (structure) for change management or patch management, as well as the subdivision into management, core and support processes. This is required for the process landscape.

Expert
Rhand Leal May 17, 2022

1 - I am in the process of setting up the ISMS with your toolkit. What I miss (or haven't found) are the processes (structure) for change management or patch management.

To be compliant with ISO 27001 you only need a Change Management Policy, which can be found in folder 08 Annex A Security Controls >> A.12 Operations Security.

For an optional more robust documentation (this is not required for ISO 27001), please take a look at this toolkit:

It is designed for compliance with ISO 20000, but can be adjusted to be used with ISO 27001. It covers the following documents:

  • Request for Change and Change Record- Minutes of Meeting CAB
  • Change Schedule
  • Change Management Process
  • Change Management Policy

For further information, see:

2 - As well as the subdivision into management, core and support processes. This is required for the process landscape.

Regarding process classification, ISO 27001 does not require processes to be mapped. It is not generally required for the toolkit implementation (for that you only need to implement the documentation in the order they are presented in the toolkit’s folders).

In a general manner, you can consider this classification:

  • management processes: management review
  • core processes: risk management, security operations, process monitoring
  • supporting processes: document and record management, internal audit
