1) Can I make one policy for Mobile Device and Tele-working, since both are almost similar? Is that accepted?
2) Isn't the confidentiality statement equal to the NDA which every employee signs (our company ensures that every employee signs the NDA, which has confidentiality requirements too)? Isn't this sufficient?
3) Similarly with the Statement of Acceptance of ISMS. Our company's NDA covers all these aspects and is signed by everyone in the organization.
4) Request some help on ISMS Metrics. How to align ISMS Objectives to Business Strategy?
Answer:
Point 1: Yes, you can have a unique document for both, but remember that they are not mandatory for the standard. You can see a list of mandatory documents (and non-mandatory) here: "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Point 2: Yes, I think that it is enough. Keep in mind that the signed NDA is a record that you need to manage, and here you can find information about this: "Records management in ISO 27001 and ISO 22301": https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Point 3: OK, here you can also cover it with your company's NDA.
Point 4: You need to think about the objectives that your organization has for obtaining ISO 27001: what benefits does your business expect from the implementation? For example, you have a business that sells through the Internet. Security objectives? Identify information security risks related to the web application (and reduce them). Anyway, I think that this article can be interesting for you: "ISO 27001 control objectives - Why are they important?": https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/. Finally, this article can be interesting for you: "Four key benefits of ISO 27001 implementation": https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/.
Jan 12, 2016