ISO 27001 templates

Please note that all information you need to develop these records are in the template itself:

• [Security features and level of expected service for network services] – electronic and paper form: in section 3.4 is defined that you can use the service agreement established with the provider to document such requirements.
• [Security features and level of expected service for cloud services] – electronic and paper form: in section 3.5.1 you can find which features need to be documented, and with whom, in this case, the cloud providers.
• [Erasure/destruction records] – in paper form: in section 3.6.5 is defined which information needs to be recorded: : information about the media, date of erasure/destruction, method of erasure/destruction, and person who carried out the process.
• [Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form: in section 3.7 are defined information that must be included in the record: type of communication channel, type of information, applicable restrictions, etc.

In the comments of each section, you will find examples that you can use to fill in the records.

Regarding templates for these records, ISO 27001 does not prescribe the layout for these records, so organizations can develop them as they see fit.

For example, for the record about “Decisions about the communication channels…” you can use the current way your organization records decisions (there is no need to develop a specific document for the ISMS).

This article will provide you with a further explanation of record management:

• Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/

This material will also help you regarding record management:

• Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/