Standard Operating Procedures in ISO 27001
Which document in ISO 27001 matches a company's Standard Operating Procedures?
Please note that ISO 27001 main clauses (from 4 to 10) do not prescribe the development of procedures. Regarding ISO 27001 Annex A controls, the following controls, when identified as applicable, require the development of procedures:
- A.12.1.1 Documented operating procedures
- A.16.1.5 Response to information security incidents
- A.17.1.2 Implementing information security continuity
To see what documents compliant with these controls look like, please see:
- for control A.12.1.1: Security Procedures for IT Department https://advisera.com/27001academy/documentation/security-procedures-for-it-department/
- for control A.16.1.5: Incident Management Procedure https://advisera.com/27001academy/documentation/incident-management-procedure/
- for control A.17.1.2: Disaster Recovery Plan https://advisera.com/27001academy/documentation/disaster-recovery-plan/
These articles will provide you with further explanation about document management:
- Document management in ISO 27001 & BS 25999-2 https://advisera.com/27001academy/blog/2021/06/27/how-to-manage-documents-according-to-iso-27001-and-iso-22301/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
These materials will also help you regarding document management:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-9001-foundations-course/
Apr 29, 2021