I have a question regarding documenting procedures. How much detail should these documents contain: a very detailed step-by-step, or a high-level procedure?
For example with a switch:
Step 1 – Gather information
Step 2 – Add info to switch config
Step 3 – Install switch
Step 4 – Add switch to monitoring
or
Step 1 – Install latest sw on switch
Step 2 – Obtain an ip address from the document located (HERE)
Step 3 – Add info to switch config
Step 3 – Install switch
Step 4 – Confirm switch is reachable
Step 5 – Add switch to monitoring by providing SNMP details to monitoring team
Step 6 – Update asset inventory
Thanks in advance
Paul
Both examples are acceptable. ISO 27001 does not prescribe which level of detail must be considered for documentation. Regarding this issue, it only has a note that documents can vary from organization to organization, considering:
- the size of organization
- type of activities, processes, products and services
- the complexity of processes and their interactions
- the competence of persons.
Considering that, you should detail the information considering the needs and competence of the people that will use it.
These articles will provide you with further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Sep 13, 2019