
Guest user Created:   Apr 28, 2019 Last commented:   Apr 28, 2019

Reference documents

My question relates to the information security guideline, point two, reference documents. The comment said: "list here all internal documents of the organization related to this policy, e.g. business strategy, business development plan, strategic risk management, etc."

Expert
Rhand Leal Apr 28, 2019

How can we estimate which documents are connected to the information security guideline? The ones I would guess (document about the scope; methodology for risk assessment and risk treatment; SoA; list of legal, official, contractual and other requirements, etc.) are already named above.
Would you mind giving me some key documents we have to add (besides the already named ones), only for ISO 27001, ISO 22301 excluded? I got the feeling the comment (I talked about before) described it for ISO 27001 and ISO 22301.

Answer:

The best way is to ask the heads of each unit, and the key users of the processes included in the ISMS scope. After you brief them on the purpose of the ISMS and show them which documents you have already identified, they will be able to tell you if any necessary document that can be used to define requirements for information security is missing (most probably, all necessary documents will already be on your list of legal and other requirements).
Without knowing details of your ISMS scope, the established security objectives, and the list of documents you already have, we cannot provide insights on what you have to add without the risk of leading you into an error, but as an example, you may consider a methodology for project management (if there is one different from the one used for implementing the ISMS).

And you are right in the assumption that the comment applies both to ISO 27001 and ISO 22301.
