Mandatory documents and records
Assign topic to the user
In the list of required documents, one item " Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)". which document in your tool kit covers this?
Answer:
For the risk assessment we have a template with the following information: categories of assets, catalogue of threats, and catalogue of vulnerabilities. Also the template include a table where you can include information about each asset. This is all that you need, related to the risk assessment, for the implementation of the ISO 27001. If you want, you can see a free version of this document (click on Free Demo tab) Risk Assessment Table" : https://advisera.com/27001academy/documentation/risk-assessment-table/
Keep in mind that this point Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3) is a mandatory record, this is not a mandatory document. We provide templates for documents, but records must be created by each organization - for example, your server will automatically log all the outages of the server, so these will be your records of security events.
Comment as guest or Sign in
Jan 12, 2016