Vault restructure
This commit is contained in:
parent
d45797d121
commit
ff77508bd1
1433 changed files with 415450 additions and 1201 deletions
|
|
@ -0,0 +1,32 @@
|
|||
# About ISO27DIY Policy Cards
|
||||
|
||||
Policies are part of the collection of [Advised Documents for ISO 27001](../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md).
|
||||
|
||||
These could have the shape of 'Policy Cards', produced at the end of each session of the [📼 ISO27DIY Video Series](iso27DIY%20mk%20I/📼%20ISO27DIY%20Video%20Series.md).
|
||||
|
||||
Because the policies produced at the end of a session need to be expanded and adapted to the organization, there will be a corresponding action in the ISMS planning.
|
||||
|
||||
At first they will only mention Goal, Method and Responsibilities (and version info of course).
|
||||
The cards will reference ISMS clauses in the Strategy/Context/Planning phase.
|
||||
|
||||
Later, Metrics (to establish effectiveness) and Evaluation (typically referring to review meetings) will be added.
|
||||
|
||||
After the Risk and Assets phase – more specifically, after the asset categories have been identifies – Policy Cards will (also) reference Annex A Controls.
|
||||
|
||||
Policy Cards are generated from risks identified and controls defined. They are not editable. They *can* be exported to an (editable) document.
|
||||
|
||||
A Policy Card has a fixed format, see [ISO27DIY Policy Card template](iso27DIY%20mk%20I/📒%20Templates/ISO27DIY%20Policy%20Card%20template.md).
|
||||
|
||||
ISO 27002:2013 offers the following guidance for A 5.1.1 Policies for information security: “These policies should be communicated to employees and relevant external parties in a form that is relevant, accessible and understandable to the intended reader, e.g. in the context of an ‘information security awareness, education and training programme’ ”.
|
||||
|
||||
Related ISO clauses and controls:
|
||||
- [ISO 27001 A 5.1.1 Policies for information security](ISO%2027001%202013/ISO%2027001%20A%205.1.1%20Policies%20for%20information%20security.md)
|
||||
- [ISO_27001_OT C 5.2 Policy](ISO%2027001%202013/ISO_27001_OT%20C%205.2%20Policy.md)
|
||||
|
||||
|
||||
Related ideas:
|
||||
- [ISO27DIY Recipe for Policy Cards](iso27DIY%20mk%20I/ISO27DIY%20Recipe%20for%20Policy%20Cards.md)
|
||||
- [BC5701_Training_Tab_03_MS](../../BC%205701/BC5701_Training_Tab_03_MS.md#Beleid)
|
||||
- [Modules, Screens and Content](../../../💡Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md)
|
||||
- [🧰 Resource portal](iso27DIY%20mk%20I/🧰%20Resource%20portal.md)
|
||||
- [Topical InfoSec Kanban’s](../../../📚️%20Literature%20notes/Topical%20InfoSec%20Kanban’s.md)
|
||||
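Review bot: The paragraph stating that Policy Cards "are generated from risks identified and controls defined" and "are not editable" conflicts with the earlier paragraph saying the policies produced at the end of a session "need to be expanded and adapted to the organization". State which artifact is the fixed, generated card and which is the editable exported document, so the corresponding ISMS planning action has a clear target. In the Risk and Assets sentence, "have been identifies" should read "have been identified". The link targets also mix bases (`../../../../../iso27DIY-gis/...`, `../../BC%205701/...` and bare `iso27DIY%20mk%20I/...`), so with a commit titled "Vault restructure" it is worth confirming that each one resolves from this file's new location.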