In this tutorial video I show you how to implement ISO 27001 Annex A 5.1 Policies for Information Security and pass the audit. This step-by-step tutorial walks you through how to implement the control, how to pass the audit, the common mistakes people make, and what an auditor will look for.
I show you exactly what changed in the ISO 27001:2022 update and exactly what you need to do for ISO 27001 certification.
What is ISO 27001 Annex A 5.1 Policies for Information Security?
ISO 27001 Annex A 5.1 Policies for Information Security is an ISO 27001 control that requires you to have an information security policy and topic specific information security policies as applicable. It sets out clear requirements for what the information security policy should contain and clear guidelines of what you need to do.
The requirement is to decide which information security policies you need, to communicate them, and to have them accepted by people.
Do It Yourself ISO 27001
► Do It Yourself ISO 27001 with the Ultimate ISO 27001 Toolkit: hightable.io/product/iso-2700...
How to implement ISO 27001 Annex A 5.1 Policies for Information Security
Policies are statements of what we do. They are not statements of how we do it. How we do it is covered in procedures. We make a clear distinction here between the two.
1. Decide what policies you need.
You will identify the needs of the business and then, via risk management, understand your risks, put your mitigations in place, and write policies that mitigate those risks.
2. Write the policies
Either using ISO 27001 policy templates, such as those provided by HighTable, or starting from scratch, you are going to write your information security policies.
3. Approve the policies
Using your own approval method, or the Management Review Team, you are going to have your policies approved. This ensures that they are approved and understood by senior management and signed off by HR.
4. Communicate the information security policies
You will communicate the information security policies using different communication methods, at several points over the course of the year, so that people are aware of where the policies are and what they contain, and so that they have accepted them.
5. Review your policies
As things change, and at least annually, you are going to review your information security policies to ensure that they are still relevant, and update them as appropriate to you.
Information security policies are a foundation stone of your information security management system (ISMS).
Chapters
00:00 Introduction
00:13 Resources to help you
00:35 What are policies?
02:26 ISO 27001:2022 Requirements
02:54 ISO 27001 Policy Templates
03:34 Write Policies
04:31 Assign Policy Ownership
04:55 Approve Policies
05:57 Communicate Policies
06:50 People Accept Policies
07:18 Regularly Review Policies
08:10 Top Tips
08:43 What Auditors Check
09:05 Which Policies Do You Need
09:48 Conclusion
Resources and Links
► Read the blog that accompanies the video: hightable.io/iso-27001-annex-...
#iso27001 #isms
How to implement ISO 27001 Annex A 5.1 Policies for Information Security - and pass the audit