Standards for IT procedures and policies
Answer: For the definition of IT Security and Operation Security policies compliant with ISO standards, you should consider ISO 20000 (for IT service management) and ISO 27001 (for Information security management). By considering these standards, you can develop policies and procedures to ensure proper IT operations and protection of information.
If your focus is on information security, I suggest you take a look at the free demo of our Operating Procedures for Information and Communication Technology at this link: https://advisera.com/27001academy/documentation/operating-procedures-for-information-and-communication-technology/
The purpose of this document is to ensure correct and secure functioning of information and communication technology.
If your focus is on information technology, I suggest you take a look at the free demo of our ISO 20000 Documentation Toolkit at this link: https://advisera.com/20000academy/iso-20000-documentation-toolkit/
This toolkit will help you implement, operate and manage an efficient and secure IT service process.
These materials will provide you with further explanation about ISO 20000 and ISO 27001:
- How to implement ISO 27001 and ISO 20000 together https://advisera.com/27001academy/blog/2015/03/16/how-to-implement-iso-27001-and-iso-20000-together/
- How to integrate ISO 27001 and ISO 20000 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-integrate-iso-27001-and-iso-20000-free-webinar-on-demand/
2. My second question is that I am writing a new Process document & guidelines for a customer. I am planning to use the ISO standard only.
I need help to understand how to write a Process & guidelines according to the ISO standard.
Answer: For developing and implementing procedures, I suggest the following articles:
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/knowledgebase/seven-steps-for-implementing-policies-and-procedures//
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/ (the orientations applied here for ISO 27001 documents can also be applicable to other documents in general).
Dec 16, 2017