Question about Operating Procedures for IT Management.
I hope you are doing well. I have a quick question about what is meant by Operating Procedures for IT Management. Is that ISO required for year 1? Can you provide a sample if required?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
In the context of ISO 27001, operating Procedures for IT Management refers to documents describing technical and management activities to be performed by IT teams to ensure information security.
Please note that depending upon results of risk assessment, or applicable legal requirements, it may be needed that IT operating procedures be documented so employees have clear guidance on how to perform their activities and prevent incidents. These documents will cover either execution of operation activities (e.g., backup generation), as well as management activities (e.g., management of changes in IT systems).
The template “Security Procedures for IT Department” you already bought is the one you need to use to cover this need for ISO 27001.
These articles will provide you a further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Comment as guest or Sign in
Oct 09, 2021