Expert Advice Community

Guest

Policy and procedure development

  Quote
Guest
Guest user Created:   Feb 19, 2019 Last commented:   Feb 19, 2019

Policy and procedure development

What is the first step we have to do to create and prepare new bank risk management policy and procedure.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 19, 2019

Answer:

The first step is to identify which requirements the policy and procedure must fulfill. For example, your organization may have contracts, laws, or regulations with clauses defining which approach to adopt for risk assessment (e.g., quantitative or qualitative approach), or which acceptance criteria to use. After identifying those requirements you should consider the context of your organization regarding size, processes complexity, and staff maturity.

These articles will provide you further explanation about documents development:
- How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://a dvisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/

These materials will also help you regarding documenting risk assessment and treatment:
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 19, 2019

Feb 19, 2019