Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

ISO 27001 / ISO 22301 Tools for Consultants in German

  Quote
Guest
Guest user Created:   Oct 25, 2023 Last commented:   Oct 25, 2023

ISO 27001 / ISO 22301 Tools for Consultants in German

I'm currently working with your documents and came across the following issue:

In the overview of all documents (pdf) there are links from the different documents to the relevant sections of the standard/norm. 

If I turn around this linkage, I'm surprised that there is no link to any of the documents for the following Appendix A controls: 

A.5.1 Informationssicherheitsrichtlinien
A.5.2 Informationssicherheitsrollen und -verantwortlichkeiten
A.5.3 Aufgabentrennung
A.5.6 Kontakt mit speziellen Interessensgruppen
A.5.8 Informationssicherheit im Projektmanagement
A.5.34 Datenschutz und Schutz personenbezogener Daten (pbD)
A.5.36 Einhaltung von Richtlinien, Vorschriften und Normen für die Informationssicherheit
A.7.1 Physische Sicherheitsperimeter
A.7.2 Physischer Zutritt
A.7.4 Physische Sicherheitsüberwachung
A.7.5 Schutz vor physischen und umweltbedingten Bedrohungen
A.7.8 Platzierung und Schutz von Geräten und Betriebsmitteln
A.7.11 Versorgungseinrichtungen
A.7.12 Sicherheit der Verkabelung
A.7.13 Instandhaltung von Geräten und Betriebsmitteln
That means those controls wouldn't be handled anywhere in the future ISMS documentation !?

Can that be true?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 25, 2023

Please note that not all controls from ISO 27001 Annex A need to be documented according to the standard (and in our opinion, it would be an overhead to document each and every one of them in a small company), and some of the controls you mentioned are covered by documents in the toolkit. 

Our toolkit is created specifically for smaller companies that want to implement ISO 27001 in a quick way, without unnecessary paperwork; for larger companies that require more documents, we recommend getting some other solution. 

Controls covered by documents in the toolkit:
A.5.1 Policies for Information Security – This control refers to all policies defined for the ISMS.

A.5.2 Information security roles and responsibilities - roles and responsibilities are described in all policies and procedures included in the toolkit. 

Controls that do not require documentation are as follows, and information about how they are implemented is included in the Statement of Applicability (which can be found in folder 07 Applicability of Controls):

A.5.3 Segregation of duties

A.5.6 Contact with special interest groups

A.5.8 Information security in project management

A.5.34 Privacy and protection of PII

A.5.36 Compliance with policies, rules and standards for information security

A.7.1 Physical security perimeters

A.7.2 Physical entry

A.7.4 Physical security monitoring

A.7.5 Protection against physical and environmental threats

A.7.8 Equipment siting and protection

A.7.11 Supporting utilities

A.7.12 Cabling security

A.7.13 Equipment maintenance

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 25, 2023

Oct 25, 2023

Suggested Topics