Guest user Created: Jan 18, 2021 Last commented: Jan 18, 2021

ISMS Manual contents

I'm currently guiding an ISO27001 implementation project and aiding people in my team understanding what documentation needs to be done. A topic that comes regularly is the need for an ISMS Manual. I understand this not a mandatory document and to be honest it takes in lots of repeated (summary) information already in other documents of our ISMS. However, I understand some concepts written in this manual may be useful, such as explaining our Information Security organisational structure and the documental framework of the ISMS (what documents do we have, how do we split them into policies, procedures, work instructions, etc.). What do you recommend for documenting this type of info?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 18, 2021

The information about the Information Security organizational structure can be described in the Information Security Policy. You can see a demo template of this document at this link: https://advisera.com/27001academy/documentation/information-security-policy/

The documental framework of the ISMS can be defined in a Procedure for Document and Record Control. You can see a demo template of this document at this link: https://advisera.com/27001academy/documentation/procedure-for-document-and-record-control/

These articles will provide you a further explanation:

Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/

These materials will also help you:

Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
ISO 27001 Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Quote

0 1

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 18, 2021

Expert Advice Community