ISMS Manual contents
I'm currently guiding an ISO27001 implementation project and aiding people in my team understanding what documentation needs to be done. A topic that comes regularly is the need for an ISMS Manual. I understand this not a mandatory document and to be honest it takes in lots of repeated (summary) information already in other documents of our ISMS.
However, I understand some concepts written in this manual may be useful, such as explaining our Information Security organisational structure and the documental framework of the ISMS (what documents do we have, how do we split them into policies, procedures, work instructions, etc.).
What do you recommend for documenting this type of info?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The information about the Information Security organizational structure can be described in the Information Security Policy. You can see a demo template of this document at this link: https://advisera.com/27001academy/documentation/information-security-policy/
The documental framework of the ISMS can be defined in a Procedure for Document and Record Control. You can see a demo template of this document at this link: https://advisera.com/27001academy/documentation/procedure-for-document-and-record-control/
These articles will provide you a further explanation:
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2010/03/30/document-management-within-iso-27001-bs-25999-2/
These materials will also help you:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Comment as guest or Sign in
Jan 18, 2021