Expert Advice Community

Toolkit content

Guest user Created:   May 28, 2021 Last commented:   May 28, 2021

Today we downloaded the toolkit for creating ISO 27001.

We noticed that appendix A_6.1 does not contain a document "internal organization" covering the points that the declaration of applicability 6.1 contains:

A.6.1.1 - Information security roles and responsibilities
A.6.1.2 - Segregation of duties
A.6.1.3 - Keeping in contact with authorities
A.6.1.4 - Keeping in contact with special interest groups
A.6.1.5 - Information security in project management

Our document 6.1. is the regulation on BYOD. Is there a document missing or could you send it to us?

Expert
Rhand Leal May 28, 2021

ISO 27001 does not require each control in Annex A to be implemented, only those deemed necessary as a result of risk assessments, legal requirements, or organizational decisions. To see the documents required by the standard, and the most common documents implemented to support an ISMS, please see this article:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Our toolkits focus on small and mid-size companies, and that's the reason we do not write documents to cover each control – for those companies this large number of documents would result in overkill for many of them. Instead of that, a single template may cover multiple controls. In the root folder of the toolkit, you'll find a document called “List of Documents” that explains which control is covered by which document.

A.6.1.1 - Information security roles and responsibilities are embedded in every document in the toolkit (you can identify its application in the field that requires a job title to be defined).

For further information, see:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/16/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/

A.6.1.2 - Segregation of duties is included in templates where such control is deemed applicable (e.g., in the change management policy, the roles for requesting a change and approving one can be different), and the Statement of Applicability document provides short guidance on how to implement this control.

For further information, see:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/16/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/

A.6.1.3 - Keeping in contact with authorities, A.6.1.4 - Keeping in contact with special interest groups, and A.6.1.5 - Information security in project management are not commonly used controls, so they do not have a specific application in the templates. As with A.6.1.2, the Statement of Applicability document provides short guidance on how to implement these controls.

For further information, see:
- Special interest groups: A useful resource to support your ISMS https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/04/06/special-interest-groups-a-useful-resource-to-support-your-isms/
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/07/06/how-to-manage-security-in-project-management-according-to-iso-27001-a-6-1-5/
