Updating existing information security policies
Assign topic to the user
Answer:
ISO 27001 is not only about security policies, so this task can't be made just by improving your policies without doing the prior analysis. The whole logic of ISO 27001 is based on risk assessment, which means once you know where your risks are then you can start writing the documents and implement the controls that will mitigate those risks.
If you're not particularly satisfied with your existing documents, than it might be easier to write completely new documents - in such case our templates will certainly help you.
Here you'll find the details on this topic:
The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Comment as guest or Sign in
Jan 13, 2016