Expert Advice Community

IT Security Policy too narrow

Guest user Created:   Sep 28, 2022 Last commented:   Sep 28, 2022

We are using the wizard to create the IT Security Policy, and we found that the context in the IT Security Policy is too short and it seems that it cannot meet the requirements of ISO 27001. For example, the context in the IT Security Policy does not make any references to SoA controls. How would you advise us to complete the IT Security Policy according to the ISO 27001 standard?


Expert
Rhand Leal Sep 28, 2022

I’m assuming that you did not complete the Risk Register / Statement of Applicability in Conformio.

Considering that, to complete the IT Security policy according to the ISO 27001 standard, you need to perform the Risk Assessment and Risk Treatment, using the Risk Register Module. After you complete the assessment, Conformio will automatically generate the SoA indicating which controls need to be applied to your IT Security policy.

Then you need to start the Wizard and answer the required questions (these are based on the results of risk assessment, i.e., the controls that need to be considered for the IT Security policy).

This way all the relevant controls will be covered in the IT Security Policy, and section 2 of the policy will refer to all controls that are included.
