Needed Policies
Could you please provide me with the below policies. As per project plan i have to develop these policies. I understand some of them are non-mandatory but my supervisor has requested to develop these. The package i purchased does not have these policies.
Vulnerability Management Policy
Penetration Testing Policy
Cybersecurity Awareness Training Policy
Asset Management Policy
Wireless Access Policy
Endpoint Security Policy
Anti Virus Policy
Patch Management Policy
Log Monitoring Policy
Incident Response Policy
Regards
Assign topic to the user
Since these are non-mandatory nor commonly adopted policies for an ISO 27001 ISMS there are no templates available for such policies. In this case, I suggest you schedule a meeting with one of our experts so he can understand your needs and help you to develop such documents.
From an ISO 27001 point of view, it is important to evaluate which controls you want to implement to better understand how to write such policies and to see if existent templates are sufficient for your need.
For example, the Wireless Access Policy can be embedded in the Access Control Policy (located in folder 08 Annex A >> A.9 Access control), since the wireless network is an infrastructure element already covered in the Access Control Policy.
Another example is the Endpoint Security Policy. Elements of endpoint policy, such as configuration and use of software, are already defined in the IT Security Policy (located in folder 08 Annex A >> A.8 Asset Management). The same applies to Anti-virus Policy, also covered in the same IT Security Policy.
Comment as guest or Sign in
Oct 08, 2021