
Expert Advice Community

Toolkit content - A.6.1

Guest user | Created: Jan 20, 2022 | Last commented: Jan 20, 2022

Where is A.6.1 Internal organization? Is it covered in your document pack? I cannot find it.
Expert
Rhand Leal Jan 20, 2022

Please note that control A.6.1.1 Information security roles and responsibilities is implemented in all templates of the toolkit (it does not require a separate document). Also, top-level roles and responsibilities are listed in the Information Security Policy.

Controls A.6.1.2 Segregation of duties, A.6.1.3 Contact with authorities and A.6.1.4 Contact with special interest groups do not require specific documentation, so there is no need to develop a policy or procedure for them.  

In cases like this, you only need to provide a record showing how it was performed. For example, for control A.6.1.2 you only need to provide a list of which activities were divided. For controls A.6.1.3 and A.6.1.4, you need to provide a list of which authorities / special interest groups need to be contacted. Since the presentation of this information can vary according to the information systems of each organization, it is unfeasible to provide a template for recording this information.  

About control A.6.1.5 Information security in project management, here's an article that explains the details of its application:
- How to manage security in project management according to ISO 27001 A.6.1.5: https://advisera.com/27001academy/what-is-iso-27001/
