ISO 27001 templates
Hi, we have recently purchased your ISO templates and I am one of those responsible for working on them.
In the document A.12.1_Security_Procedures_for_IT_Department_Cloud there is a section down the bottom with all the attachments which I am lost in because I could not find any templates on those attachments.
These are:
[Security features and level of expected service for network services] – electronic and paper form
[Security features and level of expected service for cloud services] – electronic and paper form
And I simply do not know where to start from scratch.
[Erasure/destruction records] – in paper form
[Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form
Is there any template that could help please?
Please note that all the information you need to develop these records is in the template itself:
- [Security features and level of expected service for network services] – electronic and paper form: section 3.4 defines that you can use the service agreement established with the provider to document such requirements.
- [Security features and level of expected service for cloud services] – electronic and paper form: in section 3.5.1 you can find which features need to be documented, and with whom, in this case, the cloud providers.
- [Erasure/destruction records] – in paper form: section 3.6.5 defines which information needs to be recorded: information about the media, date of erasure/destruction, method of erasure/destruction, and person who carried out the process.
- [Decisions about the communication channels used for specific types of information, restrictions, forbidden activities] – electronic form: section 3.7 defines the information that must be included in the record: type of communication channel, type of information, applicable restrictions, etc.
In the comments of each section, you will find examples that you can use to fill in the records.
Regarding templates for these records, ISO 27001 does not prescribe the layout for these records, so organizations can develop them as they see fit.
For example, for the record about “Decisions about the communication channels…” you can use the current way your organization records decisions (there is no need to develop a specific document for the ISMS).
This article will provide you with a further explanation of record management:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
This material will also help you regarding record management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Jun 22, 2022