ISO27001 Implementation Help!!
I work in a small company as a Systems Manager and now have a requirement to follow the ISO27001 framework. Due to the financial crisis we are not hiring any auditors.
I will be implementing the whole concept.
Does anyone know any good links for examples of implementation policies, procedures and documentation?
I have some books, but they don't give information on how to write the documentation and policies.
I need some examples or templates.
We are running a Windows 2003/08 and XP environment.
Please help me.
Thanks
Comments
eMeS Member Posts: 1,875
I doubt that anyone that helps companies achieve an ISO standard is going to give it away for free.
MS

broc Member Posts: 167
I don't think you realise the scope covered by ISO 27001; it's not something you decide to implement just like that. And writing a policy from scratch takes skills and time (a lot of time!).
Regarding the procedures, you should start reading the ISO 27001 and 27002 documents to give you an idea of what's involved.
You can buy them from the ANSI website for fairly cheap:
INCITS/ISO/IEC 27001-2005 Information technology - Security techniques - Information security management systems - Requirements
You can also buy templates online, although I haven't seen any good ones in my research during the last few months. We decided to write our own policy and have been working on it for a few months.
Another great resource is the SANS website:
SANS: Information Security Policy Templates

"Not everything that counts can be counted, and not everything that can be counted counts."