Chapter 5 Information security Policies
Chapter 18 Compliance
Both chapters are missing in the Dutch toolkit and no documents included. Are these missing or are these chapter not obligatory and can I forget these? Will no questions asked about these chapters during an audit?
First of all, sorry for this confusion.
The documents from sections A.5 and A.18 are not missing from the toolkit – you can find them here:
- A.5 – all the documents from folder “08 AnnexA” cover the requirements about information security policies (A.5.1.1 and A.5.1.2)
- A.18 – these documents are covered in the toolkit in folder "02 Procedure for identification of requirements”
Included in the toolkit there is a List of Documents file that shows which documents cover which clauses of the standard.