Toolkit selection
Which of your Toolkits is the best option:
ISO 27001 DocumentationToolkit or ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit?
Can we guarantee that the 13 points mentioned below are covered in either of our Toolkits?
1. Encryption key management
2. Network segregation
3. Audit logging
4. Patch and vulnerability management program
5. Information security awareness, education, and training
6. Physical and environmental security
7. Operational procedures and responsibility
8. System acquisition, development, and maintenance – including secure coding practices
9. System access control
10. Personnel security
11. Backup
12. Encryption at Rest
13. Security Monitoring Practices
If you do not have any specific requirements (e.g., laws or contracts) for cloud security or privacy in the cloud, the ISO 27001 Documentation Toolkit is the best option. In case you have specific requirements for cloud security or privacy in the cloud, then the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit is the best option.
Below you have a list of some documents in the ISO 27001 Documentation Toolkit that cover your needs:
1. Encryption key management and 12. Encryption at Rest: Policy on the Use of Encryption https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/
2. Network segregation, 3. Audit logging, 4. Patch and vulnerability management program, 6. Physical and environmental security, 7. Operational procedures and responsibility, and 13. Security Monitoring Practices: Security Procedures for IT Department https://advisera.com/27001academy/documentation/procedures-for-working-in-secure-areas/
Please note that responsibilities are defined at a high level in the Information Security Policy, and in more specific terms in each policy and procedure defined in the toolkit.
5. Information security awareness, education, and training: Training and awareness plan https://advisera.com/27001academy/documentation/training-and-awareness-plan/
8. System acquisition, development, and maintenance – including secure coding practices: Secure Development policy https://advisera.com/27001academy/documentation/secure-development-policy/
Please note that ISO 27001 does not cover specifics related to secure coding practices.
9. System access control: Access control policy https://advisera.com/27001academy/documentation/access-control-policy/
10. Personnel security: Statement of Acceptance of ISMS Documents https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/
11. Backup: Backup policy https://advisera.com/27001academy/documentation/backup-policy/
For more detailed information about which documents cover which clauses of ISO 27001, and to see what these documents look like, please access the free demo of the toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Jan 13, 2020