Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

ISO 27001 templates

  Quote
Guest
Guest user Created:   Jun 22, 2022 Last commented:   Jun 22, 2022

ISO 27001 templates

Hi, we have recently purchased your ISO templates and I am one of those responsible for working on them. In the document A.12.1_Security_Procedures_for_IT_Department_Cloud there is a section down the bottom with all the attachments which I am lost in because I could not find any templates on those attachments. These are: [Security features and level of expected service for network services] – electronic and paper form [Security features and level of expected service for cloud services] – electronic and paper form And I simply do not know where to start from the scratch [Erasure/destruction records] – in paper form [Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form Is there any template that could help please?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 22, 2022

Please note that all information you need to develop these records are in the template itself:

  • [Security features and level of expected service for network services] – electronic and paper form: in section 3.4 is defined that you can use the service agreement established with the provider to document such requirements.
  • [Security features and level of expected service for cloud services] – electronic and paper form: in section 3.5.1 you can find which features need to be documented, and with whom, in this case, the cloud providers.
  • [Erasure/destruction records] – in paper form: in section 3.6.5 is defined which information needs to be recorded: : information about the media, date of erasure/destruction, method of erasure/destruction, and person who carried out the process.
  • [Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form: in section 3.7 are defined information that must be included in the record: type of communication channel, type of information, applicable restrictions, etc.

In the comments of each section, you will find examples that you can use to fill in the records.

Regarding templates for these records, ISO 27001 does not prescribe the layout for these records, so organizations can develop them as they see fit.

For example, for the record about “Decisions about the communication channels…” you can use the current way your organization records decisions (there is no need to develop a specific document for the ISMS).

This article will provide you with a further explanation of record management:

This material will also help you regarding record management:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 22, 2022

Jun 22, 2022

Suggested Topics