Is there any recommended way to document a policy? Let's say, when developing a Mobile Device and Teleworking Policy, one should ensure the following elements are defined for each policy:
- Policy Statement / Purpose
- Scope
- Objectives
- Reference
- Document history
- Date released and by whom
- Date reviewed and by whom
- Date approved and by whom
- Definitions
ISO 27001 does not prescribe a way to document a policy, so organizations can do it as best fits them, provided the documents fulfill the standard's requirements (clause 7.5 - Documented information).
If you want to see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our Mobile Device and Teleworking Policy at this link: https://advisera.com/27001academy/documentation/mobile-device-and-teleworking-policy/
These articles will provide you with further explanation about developing documents:
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
This material will also help you regarding developing documents:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
Jul 03, 2020