Documentation is the core of your ISO 27001 implementation. A good set of documents will enable your employees to understand their obligations better.
Poorly written or missing documents will cause confusion and resentment towards information security, not to mention failing the certification audit.
If you want to implement the leading standard for information security management, the ISO 27001 Documentation Toolkit is now available. It consists of 37 documents, including all the mandatory documents and other recommended documentation:
- ISMS Policy
- ISMS Scope Document
- Risk Assessment Methodology
- Risk Treatment Plan
- Procedure for Document and Record Control
- Acceptable Use of Assets Policy
- Policy for Handling Classified Information
- Disposal and Destruction Policy
- Access Control Policy
- Clear Desk and Clear Screen Policy
- Incident Management Procedure
- …and many others.
The documents are specifically intended for small and medium-sized organizations and are written to suit any organization’s needs with minor adjustments (e.g. by filling in the organization’s name, responsibilities, etc.).
Each document contains comments specifying where additional or organization-specific details must be supplied, what may be omitted, what is expressly required by the standard, etc.