Expert Advice Community


Toolkit content

Guest user Created:   Nov 08, 2018 Last commented:   Nov 08, 2018


1. I have gone through the toolkit and couldn’t see some of the mandatory documents under Annex A. For example, for A.6 Organization of information security, I didn’t find all the mandatory documents.

Expert
Rhand Leal Nov 08, 2018

Answer: ISO 27001 does not require documents specific to controls from section A.6, but the following templates in your toolkit cover controls from this section:
- Bring Your Own Device (BYOD) Policy (covers controls A.6.2.1 and A.6.2.2)
- Mobile Device and Teleworking Policy (covers control A.6.2)
- Acceptable Use Policy (covers controls A.6.2.1 and A.6.2.2)

2. Also, A.12 Operations security should include all of the below, but I can see only 3 controls. Could you please let me know how to address this?
1. Operational procedures and responsibilities
2. Protection from malware
3. Backup
4. Logging and monitoring
5. Control of operational software
6. Technical vulnerability management
7. Information systems audit considerations

Answer: These controls are covered by the following templates:
1. Operational procedures and responsibilities: Operating Procedures for Information and Communication Technology
2. Protection from malware: Acceptable Use Policy
3. Backup: Operating Procedures for Information and Communication Technology, Backup Policy, and Acceptable Use Policy
4. Logging and monitoring: Operating Procedures for Information and Communication Technology
5. Control of operational software: Acceptable Use Policy
6. Technical vulnerability management: Acceptable Use Policy
7. Information systems audit considerations: Internal Audit Procedure

ISO 27001 does not require each control in Annex A to be documented. Our toolkits focus on small and mid-size companies, and that's the reason why we do not write documents to cover each control: for many of those companies, this large number of documents would be overkill. Instead, a single template may cover multiple controls.

In the root folder of the toolkit you'll find a document called “List of Documents” that explains which control is covered by which document.