ISO 27001 Grinds On

What’s the first step?  

  • Create the manual
  • Create the scope
  • Create the SOA (Statement of Applicability)

Write the policies.  There has to be a minimum set.  Here are ones that worked.

  • Information security policy
  • Acceptable use policy
  • Clear desk policy
  • Data policy
  • Password policy
  • Management committee terms of reference
  • System and Asset security procedure
  • Risk assessment procedure
  • Information classification procedure
  • Incident reporting procedure
  • Audit procedure
  • Legislation procedure

And then it’s just the evidence.
