Template to write the Information Security Objectives and planning to achieve th
Assign topic to the user
is there a template to write information security objectives and planning to achieve them; I mean planning needs to be elaborated while objectives should be written for Organizations' high level directions. so how to combine these two conflicts ? that's what made me confused.
Answer:
Yes, we have these templates, but before let me explain you some things: Usually objectives are set at two levels: 1) General ISMS level (for this you can use an Information Security Policy), and 2) Security controls (for this you can use the Statement of Applicability). So, for the point 1 you can use our template, you can see a free version clicking on Free Demo tab here Information Security Policy : https://advisera.com/27001academy/documentation/information-security-policy/
And for the point 2, you can see also a free version of this Statement of Applicability : https://advisera.com/27001academy/documentation/statement-of-applicability/
Regarding the Plan to achieve the objectives, you need the Risk Treatment plan, and you can also see a free version of our templete here Risk Treatment Plan : https://advisera.com/27001academy/documentation/risk-treatment-plan/
Finally, this article can be also interesting for you ISO 27001 control objectives Why are they important? : https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Comment as guest or Sign in
Jan 13, 2016