IT policy development

Answer: According to ISO 27001, the main issues you should consider in the development of policies and procedures are: legal requirements (e.g., laws and contracts), results of risk assessments and top management decisions (e.g., decisions based on strategic or operational plans and objectives).

Considering your specific scenario, you also should consider a cross evaluation of the requirements related to each country involved, as well as the contracts related to cloud providers (e.g., cloud providers may have operations in additional countries that also should be evaluated.

I suggest you to take a look at the free demo of our Operating Procedures for Information and Communication Technology at this link: https: //advisera.com/27001academy/documentation/operating-procedures-for-information-and-communication-technology/

This document will give you an idea on ahat to consider to to ensure correct and secure functioning of information and communication technology.

This article will provide you further explanation about policy development:
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//

These materials will also help you regarding policy development:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/