left-svg
Bonus expert support worth $500
with the ISO 27001 Documentation Toolkit
Limited-time offer – ends June 30, 2022.
right-svg

Expert Advice Community

Guest

Mandatory docs

  Quote
Guest
Guest user Created:   May 12, 2022 Last commented:   May 12, 2022

Mandatory docs

*** are getting ready for their internal audit, and they are asking about some mandatory documents, which I also can’t find on the platform. Please advise how we can generate the following ones: Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4) Acceptable use of assets (clause A.8.1.3) Secure system engineering principles (clause A.14.2.5) Business continuity procedures (clause A.17.1.2) Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 12, 2022

This information can be located as follow:

  • Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4): security roles and responsibilities are defined alongside all documents implemented for the ISMS. You can see a summary of this information by accessing the “Responsibility Matrix” link in the left side panel of Conformio Screen.
  • Acceptable use of assets (clause A.8.1.3): this control is implemented by means of the IT Security Policy
  • Secure system engineering principles (clause A.14.2.5): this control is implemented by means of the Secure Development Policy
  • Business continuity procedures (clause A.17.1.2): this control is implemented by means of the Disaster Recovery Plan document
  • Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3): logs are generated and stored in the information systems the organization configures them (these records need to be uploaded manually to Conformio if you want to access them through the platform). Security events can be found in the Incident Register Module.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 12, 2022

May 12, 2022

Suggested Topics