Policy development
I could certainly use some guidance from you - just in the above-mentioned areas. FYI - The statement of applicability is being crafted and should be done in a couple of weeks.
Answer:
First, it is important to understand that useful policies and procedures are not developed to cover specific clauses of the standard. They are developed to describe and help you better run your processes, including pertinent controls when applicable. Considering that, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
This demo contains parts of several policies and procedures to help you understand what these documents look like.
Regarding how to develop policies and procedures, the first step is to identify which requirements the policy or procedure must fulfill. For example, your organization may have contracts, laws, or regulations with clauses defining a specific approach for a security solution. After identifying those requirements, you should consider the context of your organization regarding size, process complexity, and staff maturity.
These articles will provide you with further explanation about document development:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
Feb 22, 2019