I’m writing to you on behalf of the company *** and its CEO ***, who bought the ISO27001 toolkit.
Here are some questions I would like to ask.
1 - In the pack that we bought, we can’t find the document regarding Business Continuity Strategy. First I thought that it is the same as the Disaster Recovery Procedure, but after having a look here https://advisera.com/27001academy/documentation/business-continuity-strategy/, I found out that this is not the case. Could we receive a .doc Italian version of this document, like we did for the rest?
2 - All along the instructions we can see that the documents refer to clauses (e.g. A.17.2.1, 7.5…). These clauses sometimes match with the code of controls, other times they don’t. Do these clauses refer to controls or not? If yes, why don't they always match? If not, what do they refer to and is there a list of clauses?
3 - In our documents we put the reference documents towards the end of the documents in the same table with the records. Is that ok or is it better to separate them and put the Reference documents at the beginning of the documents like you did?
4 - In some of our documents/politics we describe the Violations of the Politics in a dedicated paragraph while in your documents we don’t find them. Can we keep these paragraphs regarding Politics Violation or not?
5 - Can we put a document/section with the Organisation chart emphasising the key figures with responsible roles in ISMS? And linked to this topic two more questions: could we use a RACI matrix in the documents? Could you suggest the best way to call these figures in Italian?
Thank you in advance for your help and have a nice weekend.