Expert Advice Community


The best way to include “evidences” of policy implementation

Guest user Created:   Oct 14, 2020 Last commented:   Oct 14, 2020

Thank you for this mail. I’m currently beginning redaction of the first documents and following your online training. As I’m very satisfied with both, I’m also studying the opportunity to take a company account on Advisera training for our employees' awareness training.

After hours of reading and watching the very complete content of your website (blog, videos…) I don’t have any questions requiring a meeting, except one you could surely answer by email: what is the best way to include “evidences” of policy implementation (screenshots, configurations… showing that a rule or control is implemented)?

  • put them in a folder listed in the record part of the document (one folder per audit date?) and put links to individual files in the document (difficult to handle as the folder is not always attached to the document, especially when sent to employees who don’t need to have such evidences)
  • put them in the aforementioned folder, but without any link? But this way it could be difficult to see which file corresponds to which rules/controls
  • other way?

Once again, thank you very much for the quality of your service

Expert
Rhand Leal Oct 14, 2020

Please note that ISO 27001 does not prescribe how to store evidence of implementation, so organizations are free to implement it in the way that best suits them.
 
Considering that, you can adapt the storage approach to the type of the record (you do not need to adopt a single approach). For example, evidence of monitoring implementation can be stored in the monitoring system (i.e., the monitoring logs). Evidence of awareness and training can be included in the employee's personal folder.
 
Regarding the use of links in the documents, you should consider including a link only to the general folder of your evidence (for example, the audit folder, not the specific audit). This way you can balance the agility to find the records without adding too much complexity.

This article will provide you a further explanation about record management:

This material will also help you regarding record management:
