
ISO 27001 toolkit content

Guest user Created:   Jul 05, 2019 Last commented:   Jul 05, 2019


I am currently working intensively with your premium package and I am missing vital parts of the ISO 27001 appendix controls:

Expert
Rhand Leal Jul 05, 2019

- A.6.1.1 – A.6.1.6
- A.7.3
- A.8.1.3 & A.8.1.4
- A.9.4
- A.11 is also somewhat incomplete
- A.12.1.3 and 12.1.4
- A.12.4 – A.12.7
- A.18 is missing completely

I previously thought that the missing parts may be part of an update. Can you tell me more about the missing parts of the ISO?

Answer:

First of all, sorry for this confusion. It is important to note that every control does not need to be documented, and to avoid unnecessary administrative work the toolkit includes only all the mandatory + all the most common documents.
In the root folder of the toolkit you'll find a document called “List of Documents” that explains which control/clause is covered by which document, and which documents are mandatory.

Documents which cover some of the controls you mentioned can be found here:
- A.6.1.2 - this control is covered by document "Incident Management Procedure", located in Folder "08 Annex A – Security Controls" sub-folder "A.16 Information Security Incident Management"
- A.8.1.3 & A.8.1.4 - these controls are covered by documents "IT Security Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.8 Asset Management" and "Supplier Security Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.15 Supplier Relationships"
- A.9.4.1 - this control is covered by documents "Information Classification Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.8 Asset Management" and "Access Control Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control"
- A.9.4.3 - this control is covered by documents "Password Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control" and "Access Control Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control"
- A.12.4 - these controls are covered by document "Security Procedures for IT Department", located in Folder "08 Annex A – Security Controls" sub-folder "A.12 Operations Security"
- A.18 – controls from this section are covered in the toolkit in folder "02 Procedure for identification of requirements"

In case your implementation requires controls not included in the mentioned documents covered by the toolkit, you can contact us by email or schedule a meeting and we can provide the support to develop these documents.
