# About ISO27DIY Policy Cards Policies are part of the collection of [Advised Documents for ISO 27001](../../../../../iso27DIY-gis/reference/Advised%20Documents%20for%20ISO%2027001.md). These could have the shape of 'Policy Cards', produced at the end of each session of the [šŸ“¼ ISO27DIY Video Series](iso27DIY%20mk%20I/šŸ“¼%20ISO27DIY%20Video%20Series.md). Because the policies produced at the end of a session need to be expanded and adapted to the organization, there will be a corresponding action in the ISMS planning. At first they will only mention Goal, Method and Responsibilities (and version info of course). The cards will reference ISMS clauses in the Strategy/Context/Planning phase. Later, Metrics (to establish effectiveness) and Evaluation (typically referring to review meetings) will be added. After the Risk and Assets phase ā€“ more specifically, after the asset categories have been identifies ā€“ Policy Cards will (also) reference Annex A Controls. Policy Cards are generated from risks identified and controls defined. They are not editable. They *can* be exported to an (editable) document. A Policy Card has a fixed format, see [ISO27DIY Policy Card template](iso27DIY%20mk%20I/šŸ“’%20Templates/ISO27DIY%20Policy%20Card%20template.md). ISO 27002:2013 offers the following guidance for A 5.1.1 Policies for information security: ā€œThese policies should be communicated to employees and relevant external parties in a form that is relevant, accessible and understandable to the intended reader, e.g. in the context of an ā€˜information security awareness, education and training programmeā€™ ā€. Related ISO clauses and controls: - [ISO 27001 A 5.1.1 Policies for information security](ISO%2027001%202013/ISO%2027001%20A%205.1.1%20Policies%20for%20information%20security.md) - [ISO_27001_OT C 5.2 Policy](ISO%2027001%202013/ISO_27001_OT%20C%205.2%20Policy.md) Related ideas: - [ISO27DIY Recipe for Policy Cards](iso27DIY%20mk%20I/ISO27DIY%20Recipe%20for%20Policy%20Cards.md) - [BC5701_Training_Tab_03_MS](../../BC%205701/BC5701_Training_Tab_03_MS.md#Beleid) - [Modules, Screens and Content](../../../Drafts%20and%20Ideas/Modules,%20Screens%20and%20Content.md) - [šŸ§° Resource portal](iso27DIY%20mk%20I/šŸ§°%20Resource%20portal.md) - [Topical InfoSec Kanbanā€™s](../../../Literature%20notes/Topical%20InfoSec%20Kanbanā€™s.md)