Documents considered as next-level projects
1 - As you mentioned during the meeting, the following documents should be considered as next-level projects since they are not needed for our company. Am I correct in that assumption?
04.2_Cloud_Security_Policy_Cloud_EN.docx
04.3_Policy_for_Data_Privacy_in_the_Cloud_Cloud_EN.docx
If you want to be compliant with ISO 27001 only, and not with ISO 27017 and ISO 27018, the 2 documents you mentioned are not needed; also in the Statement of Applicability, you need to take into account only the 114 controls that are related to ISO 27001.
2 - Furthermore, I would appreciate it if you could see the attached and tell me which step you mentioned is not applicable to us? (If any)
Please note that to implement ISO 27001 you will have to go through all the folders listed in the toolkit. By consulting the List of Documents file that comes with your toolkit you will identify which documents need to be implemented to fulfill the standard's requirements (e.g., Information Security Policy, SoA, etc.), and those that are recommended to be implemented because they are considered as good practice (e.g., Procedure for Corrective Action).
Nov 05, 2021