Click main image to view in full screen.
BENEFITS OF THIS DOWNLOADABLE PDF DOCUMENT
- Provides you with well-tested and usable plans, policies and procedures to comply with the requirements of ISO 27001, Version 2022
- Supports IT Consultants in ensuring the best implementation of organizational security controls according to the new version of ISO 27K-2022
ISO 27001 PDF DESCRIPTION
Overview and Objective: This is the first of a series of four support books. These contain a set of plans, policies, procedures and complementary guidance (Recommended Compliance Measures-RCMs), an example of a Statement of Applicability and an example of a Gap Assessment. The objective of these is to support you to better comply with the requirements of the controls of Annex A of the new information security standard ISO 27001 and ISO 27002, version 2022).
This book (ISO 27K Compliance Support Tool Kit 1) includes several (91) recommended security compliance measures (RCMs), such as: over 28 Plans, over 12 Policies, over 27 Procedures and over 18 Other Support Tools. These are designed to support you in implementing better the thirty-seven (37) ISO 27K controls and their requirements outlined in ISO 27001:2022, Annex A5, Organizational Controls.
Contents
Chapter 1. Summary: Organizational Controls and Compliance Measures
Chapter 2. RCMs for Information Security Policy
Chapter 3. RCMs for Information Security Management Responsibilities
Chapter 4. RCMs for Threat Intelligence and Information Security in Project Management
Chapter 5. RCMs for Information Assets Management
Chapter 6. RCMs for Information Classification and Transfer
Chapter 7. RCMs for Access Control and Identity Management
Chapter 8. RCMs for Suppliers' Management
Chapter 9. RCMs for Information Security Incident Management
Chapter 10. RCMs for IT Continuity Management
Chapter 11. RCMs for Legal and Other Aspects Management and Records Protection
Chapter 12. RCMs for Privacy, Compliance and Operating Procedures
Additional Resources
Got a question about the product? Email us at support@flevy.com or ask the author directly by using the "Ask the Author a Question" form. If you cannot view the preview above this document description, go here to view the large preview instead.
TOPIC FAQ
What topics are covered by ISO 27001 Annex A organizational controls that I should review first?
Annex A organizational controls as presented in this toolkit cover information security policy, management responsibilities, threat intelligence and information security in project management, information asset management, classification and transfer, access control and identity management, suppliers' management, incident management, IT continuity, legal aspects and records protection, and privacy and operating procedures, listed across 12 chapters.How does a gap assessment support ISO 27001 compliance planning?
A gap assessment identifies differences between an organization’s current practices and the requirements of ISO 27001 Annex A controls; this toolkit explicitly includes an example Gap Assessment to help structure that comparison and prioritize remediation, provided as an example Gap Assessment.What is a Statement of Applicability and why is it needed for ISO 27001?
A Statement of Applicability documents which Annex A controls are applicable to an organization and the justification for inclusion or exclusion; the toolkit supplies an example Statement of Applicability to illustrate how to record applicability and control selection, shown as an example Statement of Applicability.Which types of documents and templates are typically required to implement Annex A controls?
Implementing Annex A controls generally requires a mix of plans, policies, procedures, and supporting tools; this first book supplies recommended compliance measures consisting of over 28 Plans, over 12 Policies, over 27 Procedures, and over 18 Other Support Tools.What should I look for when choosing an ISO 27001 compliance toolkit for organizational controls?
Evaluate whether the toolkit maps control-level measures to Annex A requirements, includes practical templates such as a Statement of Applicability and Gap Assessment examples, and provides a sufficient number of policies/procedures; Flevy's ISO 27K Compliance Support Toolkit - Book 1 includes 91 RCMs and runs 197 pages.How can pre-built templates affect the workload of a small compliance team?
Pre-built plans, policies and procedures let a small team adapt and populate existing documents instead of authoring every item from scratch; this toolkit centralizes such artifacts by providing 91 Recommended Compliance Measures plus example SoA and Gap Assessment to adapt for local use.I need to update access control and identity management—what specific resources should I consult?
Consult the chapter and RCMs dedicated to Access Control and Identity Management in the toolkit, which provide policy and procedure templates and other support tools tailored to those control requirements, specifically referenced in Chapter 7 and its RCMs.What guidance exists for managing third-party supplier security under ISO 27001?
Organizations should implement supplier-management controls, including contractual clauses and monitoring procedures; this toolkit addresses those needs through RCMs for Suppliers' Management, including relevant plans, policies, and procedures found in Chapter 8 and associated tools.Source: Best Practices in ISO 27001, ISO 27002 PDF: ISO 27K Compliance Support Toolkit - Book 1 PDF (PDF) Document, John Kyriazoglou
