ISO 27001 toolkit content
- A.6.1.1 – A.6.1.6
- A.7.3
- A.8.1.3 & A.8.1.4
- A.9.4
- A.11 is also somewhat incomplete
- A.12.1.3 and 12.1.4
- A.12.4 – A.12.7
- A.18 is missing completely
I previously thought that the missing parts may be part of an update. Can you tell me more about the missing parts of the ISO?
Answer:
First of all, sorry for this confusion. It is important to note that not every control needs to be documented, and to avoid unnecessary administrative work the toolkit includes only all the mandatory and all the most common documents.
In the root folder of the toolkit you'll find a document called “List of Documents” that explains which control/clause is covered by which document, and which documents are mandatory.
Documents which cover some of the controls you mentioned can be found here:
- A.6.1.2 - this control is covered by document "Incident Management Procedure", located in Folder "08 Annex A – Security Controls" sub-folder "A.16 Information Security Incident Management"
- A.8.1.3 & A.8.1.4 - these controls are covered by documents "IT Security Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.8 Asset Management" and "Supplier Security Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.15 Supplier Relationships"
- A.9.4.1 - this control is covered by documents "Information Classification Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.8 Asset Management" and "Access Control Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control"
- A.9.4.3 - this control is covered by documents "Password Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control" and "Access Control Policy", located in Folder "08 Annex A – Security Controls" sub-folder "A.9 Access Control"
- A.12.4 - these controls are covered by document "Security Procedures for IT Department", located in Folder "08 Annex A – Security Controls" sub-folder "A.12 Operations Security"
- A.18 – controls from this section are covered in the toolkit in folder "02 Procedure for identification of requirements"
In case your implementation requires controls not included in the mentioned documents covered by the toolkit, you can contact us by email or schedule a meeting and we can provide the support to develop these documents.
Jul 05, 2019