ISO 27001 Toolkit content
Answer: I'm assuming that by data classification you mean information classification. Considering that, the template that covers information classification is the "Information Classification Policy", which is located in folder 08 Annex A > A.8 Asset management.
2 - And in addition - vulnerability management process? Can't find these docs in the package.
Answer: The vulnerability management is not a mandatory document according to ISO 27001, nor is it a document commonly adopted by organizations (most of them rely on outsourced services for this purpose), so it is not included in the toolkit, to avoid unnecessary effort to manage the ISMS. If you understand that this document is important to your organization, you can schedule a meeting with one of our experts so he can help you to develop such a document.
These articles will provide you with further explanation about vulnerability management:
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/
Jan 24, 2019