Guest user Created:   Jan 13, 2020 Last commented:   Jan 13, 2020

Toolkit selection

Which of your Toolkits is the best option:
ISO 27001 Documentation Toolkit or ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit?
Can we guarantee that the 13 points mentioned below are covered in either of our Toolkits?

1. Encryption key management
2. Network segregation
3. Audit logging
4. Patch and vulnerability management program
5. Information security awareness, education, and training
6. Physical and environmental security
7. Operational procedures and responsibility
8. System acquisition, development, and maintenance – including secure coding practices
9. System access control
10. Personnel security
11. Backup
12. Encryption at Rest
13. Security Monitoring Practices

Expert
Rhand Leal Jan 13, 2020

If you do not have any specific requirements (e.g., laws or contracts) for cloud security nor privacy in the cloud, the ISO 27001 Documentation Toolkit is the best option. In case you have specific requirements for cloud security or privacy in the cloud, then the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit is the best option.

Below you have a list of some documents in the ISO 27001 Documentation Toolkit that cover your needs:

1. Encryption key management and 12. Encryption at Rest: Policy on the Use of Encryption https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/

2. Network segregation, 3. Audit logging, 4. Patch and vulnerability management program, 6. Physical and environmental security, 7. Operational procedures and responsibility, and 13. Security Monitoring Practices: Security Procedures for IT Department https://advisera.com/27001academy/documentation/procedures-for-working-in-secure-areas/

Please note that responsibilities are defined at a high level in the Information Security Policy, and in more specific terms in each policy and procedure defined in the toolkit.

5. Information security awareness, education, and training: Training and awareness plan https://advisera.com/27001academy/documentation/training-and-awareness-plan/

8. System acquisition, development, and maintenance – including secure coding practices: Secure Development policy https://advisera.com/27001academy/documentation/secure-development-policy/

Please note that ISO 27001 does not cover specifics related to secure coding practices.

9. System access control: Access control policy https://advisera.com/27001academy/documentation/access-control-policy/

10. Personnel security: Statement of Acceptance of ISMS Documents https://advisera.com/27001academy/documentation/statement-of-acceptance-of-isms-documents/

11. Backup: Backup policy https://advisera.com/27001academy/documentation/backup-policy/

For more detailed information about which documents cover which clauses of ISO 27001, and to see what these documents look like, please access the free demo of the toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
