Expert Advice Community

Template content

Guest
Guest user Created:   Dec 18, 2018 Last commented:   Dec 18, 2018

In the demo (eng) 27001:2013, you are missing chapt 18. Compliance, also nothing for chapt. 6 (ISO 27001:2013) demo?
Expert
Rhand Leal Dec 18, 2018

Answer:

First of all, sorry for this confusion.

The documents from sections A.6 and A.18 are not missing from the toolkit – you can find them here:
- A.6 – these documents are covered in the toolkit in folder “A.6 Organization of information security”, located in folder “08 Annex A”
- A.18 – these documents are covered in the toolkit in folder “02 Procedure for identification of requirements”

In case you are also in doubt about documents from section A.5, all the documents from folder “08 Annex A” cover the requirements about information security policies (A.5.1.1) and review of the policies (A.5.1.2).

Guest
elcoqui69 Dec 18, 2018

Well, under that folder, “A.6 Organization of information security”, there are only two docs: Bring_your_own_device_BYOD_Policy and Mobile_Device_and_Teleworking_policy. Where is the information regarding: 6.1 Internal organization, 6.1.1 Information security roles and responsibilities, 6.1.2 Segregation of duties, 6.1.3 Contact with authorities, 6.1.4 Contact with special interest groups, 6.1.5 Information security in project management?
Regards,

Eric

Expert
Rhand Leal Dec 20, 2018

Control 6.1.1 Information security roles and responsibilities is covered by all templates in the toolkit. For each required action in a template, the definition of who must perform it is always required (the field [job title]).

Please be aware that ISO 27001 does not require you to document each and every control you declare as applicable, you can simply describe the implementation of such undocumented controls in the Statement of Applicability. In order to avoid overhead for small companies, we have decided to include in the toolkit only those documents that are mandatory + those that are most commonly used; in other words, you will not find in the toolkit the documents that are not mandatory and that are not used very often.

For more information regarding controls A.6.1.4 and A.6.1.5, please read these materials:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/
- Special interest groups: A useful resource to support your ISMS https://advisera.com/27001academy/blog/2015/04/06/special-interest-groups-a-useful-resource-to-support-your-isms/
