Toolkit content
1. Attached please see the Excel sheet and let me know if you have something like this in the toolkit or if it can be produced?
Answer: Most of the documents you identified are included in the toolkit (e.g., Information Security Policy, Teleworking Policy, etc.). To see which documents are included in the toolkit, and which clauses of the standard are covered by them, please access the List of documents file on this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Regarding other documents not included in the toolkit, you will find a blank template included in it that you can use to develop them. We do not develop customized documents, but also included in the toolkit, depending on the package you choose, you have a limited number of documents you can submit for our review, where we provide you feedback regarding corrections or improvements to be made. You can also count on unlimited support through email, and some hours of face-to-face online meetings, where you can clarify some of your doubts.
2. What goes in "Justification for"? (please see the png attachment)
Answer: In the "Justification" column in the Statement of Applicability document you have to fill in why you are or are not using a given control. General justifications for implementing a control are "to treat unacceptable risk XXX", "to fulfill legal requirement from law/regulation/contract YYY", or "implementation required by top management decision". As for the justification for not implementing a control, you can state that "there are no unacceptable risks or legal requirements demanding to implement this control".
This article will provide you further explanation about Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
May 03, 2019