
Expert Advice Community

Guest user Created:   Feb 22, 2019 Last commented:   Feb 22, 2019

Policy development

I struggle looking for practical examples of Policies that represent some of the key clauses (e.g., A18.x, A14.x or A8.x). Obviously, nobody puts up 'actual' or 'real' examples and it's a bit of a challenge to know how to write a Policy, especially when you have never done it before.

Expert
Rhand Leal Feb 22, 2019

I could certainly use some guidance from you - just in the above-mentioned areas. FYI - The statement of applicability is being crafted and should be done in a couple of weeks.

Answer:

First, it is important to understand that useful policies and procedures are not developed to cover specific clauses of the standard. They are developed to describe and help you better run your processes, including pertinent controls when applicable. Considering that, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This demo contains parts of several policies and procedures to help you understand what these documents look like.

Regarding how to develop policies and procedures, the first step is to identify which requirements the policy or procedure must fulfill. For example, your organization may have contracts, laws, or regulations with clauses defining a specific approach for a security solution. After identifying those requirements, you should consider the context of your organization regarding size, process complexity, and staff maturity.

These articles will provide you further explanation about documents development:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//