moved file, links were adjusted

Corpus/Standards/ISO27x/legacy/iso27DIY mk I/About ISO27DIY Policy Cards.md

@@ -0,0 +1,32 @@
+# About ISO27DIY Policy Cards
+
+Policies are part of the collection of [Advised Documents for ISO 27001](../../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md).
+
+These could have the shape of 'Policy Cards', produced at the end of each session of the [📼 ISO27DIY Video Series](📼%20ISO27DIY%20Video%20Series.md).
+
+Because the policies produced at the end of a session need to be expanded and adapted to the organization, there will be a corresponding action in the ISMS planning.
+
+At first they will only mention Goal, Method and Responsibilities (and version info of course).
+The cards will reference ISMS clauses in the Strategy/Context/Planning phase.
+
+Later, Metrics (to establish effectiveness) and Evaluation (typically referring to review meetings) will be added.
+
+After the Risk and Assets phase – more specifically, after the asset categories have been identifies – Policy Cards will (also) reference Annex A Controls.
+
+Policy Cards are generated from risks identified and controls defined. They are not editable. They *can* be exported to an (editable) document. 
+
+A Policy Card has a fixed format, see [ISO27DIY Policy Card template](📒%20Templates/ISO27DIY%20Policy%20Card%20template.md). 
+
+ISO 27002:2013 offers the following guidance for A 5.1.1 Policies for information security: “These policies should be communicated to employees and relevant external parties in a form that is relevant, accessible and understandable to the intended reader, e.g. in the context of an ‘information security awareness, education and training programme’ ”.
+
+Related ISO clauses and controls:
+- [ISO 27001 A 5.1.1 Policies for information security](../ISO%2027001%202013/ISO%2027001%20A%205.1.1%20Policies%20for%20information%20security.md)
+- [ISO_27001_OT C 5.2 Policy](../ISO%2027001%202013/ISO_27001_OT%20C%205.2%20Policy.md)
+
+
+Related ideas:
+- [ISO27DIY Recipe for Policy Cards](ISO27DIY%20Recipe%20for%20Policy%20Cards.md)
+- [BC5701_Training_Tab_03_MS](../../../BC%205701/BC5701_Training_Tab_03_MS.md#Beleid)
+- [Modules, Screens and Content](../../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
+- [🧰 Resource portal](🧰%20Resource%20portal.md)
+- [Topical InfoSec Kanban’s](../../../../Literature%20notes/Topical%20InfoSec%20Kanban’s.md)

Corpus/Standards/ISO27x/legacy/iso27DIY mk I/ISO27DIY Implementation method.md

@@ -71,7 +71,7 @@ Take into consideration that there are specific requirements for 'documented inf
 
 
 ## Tooling provisions
-- [About ISO27DIY Policy Cards](../About%20ISO27DIY%20Policy%20Cards.md)
+- [About ISO27DIY Policy Cards](About%20ISO27DIY%20Policy%20Cards.md)
 - [ISO27DIY Kanban board](ISO27DIY%20Kanban%20board.md)
 
 ## Related

Corpus/Standards/ISO27x/legacy/iso27DIY mk I/Working back from the Annex A dashboard.md

@@ -1,5 +1,5 @@
 Start with the [](../../../../Attachments/ISO%2027001%20Implementatie%20dashboard%20Annex%20A.xlsx) as a framework.
 Every cell gets one or more corresponding [ISO27DIY Kanban board](ISO27DIY%20Kanban%20board.md) items. So they are all linked to at least one of the ISO 27001 controls or ISO 27001 clauses.
 
-Note that in this approach all [About ISO27DIY Policy Cards](../About%20ISO27DIY%20Policy%20Cards.md), [Advised Documents for ISO 27001](../../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md), and identified risks and controls will appear on the Kanban board, directly or indirectly.
+Note that in this approach all [About ISO27DIY Policy Cards](About%20ISO27DIY%20Policy%20Cards.md), [Advised Documents for ISO 27001](../../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md), and identified risks and controls will appear on the Kanban board, directly or indirectly.