SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Questions around templates - policies vs procedures

  Quote
Guest
Guest user Created:   Mar 25, 2022 Last commented:   Mar 25, 2022

Questions around templates - policies vs procedures

We have a question around the policies vs procedures. Example: In the template ”Security Procedures for IT-department” under Change Management procedures, you have a comment saying: ”Delete if the change management policy constitutes a separate document”. Shouldn’t the Change management policy and the Change management procedure be separate documents/have separate purposes (the why and the how).
  1. From your templates it seems like policies and procedures could be the same thing, since we don't need a change management policy if we include this as a procedure in the document Security Procedures for IT department?
  2. Is it okay to only have procedures or policies for certain controls?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 25, 2022

Please note that ISO 27001 does not prescribe how police and procedures need to be documented, so organizations are free to document them as best fit their needs (i.e., separated, or merged documents).

For large organizations, policies define the general rules for activities to be performed (what needs to be done), while procedures define specific steps to perform them (how to do).

For example, a Backup Policy can define that those users need to periodically update local data to corporate storage, and you can have specific procedures on how to do that considering different devices, operational software, or work sites.

For small organizations, you can have all this information in a single document, to reduce administrative effort.

These articles will provide you a further explanation about developing documents:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 25, 2022

Mar 25, 2022

Suggested Topics

Guest user Created:   May 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Toolkit questions

Guest user Created:   May 15, 2022 ISO 27001 & 22301
Replies: 1
0 0

Conformio expert questions