A Helping Hand from InfoSaaS: ISO27001 Documentation Packs
13th June 2020
For an organisation to develop a comprehensive information security culture, we need to ensure that each and every one of our colleagues fully understands the correct way of undertaking activities and their individual responsibilities. Without such clear guidance, the effectiveness of security controls will be subject to an individual’s knowledge and interpretation, or worse may be ignored completely.
International Standard for Information Security (ISO27001)
Within the international standard for information security, ISO27001, there is a set of mandatory policies, procedures and records which need to be created and maintained if an organisation is seeking independent certification against the standard. These include:
- An information security policy
- A methodology for undertaking risk assessments and risk treatments
- Policies for the acceptable use of assets, access control and suppliers
- Procedures for IT management, incident management and business continuity, amongst many others
With nearly twenty mandatory documents required, in addition to those which your own organisation deems necessary to be documented for security purposes, the task of creating a robust portfolio of documentation may seem daunting and challenging. However, with clear guidance and direction, this is not necessarily a burden that you need to shoulder yourself. There are many consultants who will make their services available to you, but this is likely to take longer than necessary and will attract professional fees which may not have been budgeted for.
ISO27001 Document Templates
There is another way. With over 20 years’ experience in the delivery of information security projects and successful ISO27001 certifications (going back as far as BS7799, the forerunner of ISO27001), our Team has gathered significant best practices from different business sectors and witnessed many hundreds of external assessment sessions.
This places InfoSaaS in a unique position to offer a comprehensive ISO27001 documentation pack, addressing the mandatory requirements of the standard and with helpful additional material. Our templated material is structured in a way which allows for easy customisation to meet a customer’s specific needs and assists in the understanding of ISO27001’s requirements. Material from our documentation pack has been thoroughly road-tested in the most demanding of assessments in many countries around the world!
Producing good quality documentation is certainly a key activity, but we must also remember that employees (and other persons within scope of the ISMS) will need to receive regular training which includes awareness of policies and procedures, and how to apply them to their daily activities. Helpfully, the InfoSaaS documentation pack also includes a useful training presentation which can be edited to precisely deliver the organisation’s focused messages.
For a limited time only…
For a limited period, purchasers of our information security documentation pack will be offered the opportunity of using our industry leading InfoSaaS risk management solution completely free of charge for three months.
This solution produces the more dynamic documentation items required by the ISO27001 standard, including the inventory of assets, risk assessment reports, risk treatment plans and a real-time Statement of Applicability.
The InfoSaaS Team are committed to supporting our valued customers with the achievement of their information security objectives, and our documentation packs provide a helpful head-start as well as being great value for money.