Expert Advice Community

Toolkit content

Guest user Created:   May 03, 2019 Last commented:   May 03, 2019

1. Attached please see the excel sheet and let me know if you have something like this in the toolkit or if it can be produced?

2. What goes in "Justification for"? (please see the png attachment)

Expert
Rhand Leal May 03, 2019
1. Attached please see the excel sheet and let me know if you have something like this in the toolkit or if it can be produced?
Answer: Most of the documents you identified are included in the toolkit (e.g., Information Security Policy, Teleworking Policy, etc.). To see which documents are included in the toolkit, and which clauses of the standard are covered by them, please access the List of documents file at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

Regarding other documents not included in the toolkit, you will find a blank template included in it that you can use to develop them. We do not develop customized documents, but also included in the toolkit, depending on the package you choose, is a limited number of documents you can submit for our review, for which we provide feedback regarding corrections or improvements to be made. You can also count on unlimited support through email, and some hours of face-to-face online meetings, where you can clarify some of your doubts.

2. What goes in "Justification for"? (please see the png attachment)

Answer: In the "Justification" column in the Statement of Applicability document, you have to fill in why you are or are not using a given control. General justifications for implementing a control are "to treat unacceptable risk XXX", "to fulfill legal requirement from law/regulation/contract YYY", or "implementation required by top management decision". As for the justification for not implementing a control, you can state that "there are no unacceptable risks or legal requirements demanding to implement this control".

This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/