5 Things to Remember When Writing an ISO 27001 Policy Document
ISO 27001 Policy documents are the foundation of an information security management system. You could get someone to implement it for you, you could buy the ISO 27001 policy templates or you could write them from scratch. Here are the top 5 things to remember when writing your own ISO 27001 policy documents.
1 Your ISO 27001 Policy Will Need Version Control
A policy is a living document. It will change and it will evolve. You will want to track those changes and demonstrate how your policy has matured. The simplest way is a version control table that captures the author, the reason for the change and the date of the change.
2 Your ISO 27001 Policy Will Need a Classification
You are going to put in place an information classification scheme, and this document needs classifying too. It probably isn’t at your highest level of security classification, but consider something along the lines of ‘Internal Protected’. Then mark up the footer of every page with that classification and control the document in line with it.
3 Your ISO 27001 Policy Will Need an Owner
Policies are like pets insofar as they need an owner. The owner is responsible for the policy, although that doesn’t mean they do the leg work. Senior management typically owns policy, so make sure someone owns the policy, knows what it says and is responsible for it working in your company.
4 Your ISO 27001 Policy Will Need a Review Date
Policies need to be reviewed at least every 12 months. Make sure your policy has a review date and that you schedule and carry out your review.
5 Your Policy Will Need to Be Shared
Policies need to be shared with the people that they are relevant to. Make sure you share and communicate your policy and make sure your policy has a distribution section on who the policy applies to.