ISO 27001 Information Security - How to write documentation and where to start

zillah

At work I have been asked to work on ISO 27001, because my company is looking to be certified against ISO 27001.

I do not know how to start or how to write documentation, because I have not done that before.

I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).

Any guide or advice?

Regards
 

Sidney Vianna

Post Responsibly
Leader
Admin
Re: ISO 27001 and how to documentation

You might have to wait to get a copy of ISO/IEC 27003 ISMS implementation guidance because the document is under development.

Or you can browse around. A good starting point is the International ISMS Users Group @ http://www.xisec.com/
 

harry

Trusted Information Resource
Re: ISO 27001 - How to write documentation and where to start

On the right-hand side of this post (part of the right-hand sidebar of this page), you will see "Praxion Research Group" - just above 'Jim Wynne's Quality Blog'. Just click on it and you can find some useful information on ISO 27001 & ISO 17799.

Regards.
 
zillah

Re: ISO 27001 - How to write documentation and where to start

Just click on it and you can find some useful information on ISO 27001 & ISO 17799.
I have been through this before, but it is general information, and I find it difficult to interpret that into a practical document. This is what I meant by:
I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).
 

harry

Trusted Information Resource
Re: ISO 27001 - How to write documentation and where to start

At work I have been asked to work on ISO 27001, because my company is looking to be certified against ISO 27001.

I do not know how to start or how to write documentation, because I have not done that before.

I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).

Any guide or advice?

Regards

For a start, Zillah, can you let us know if you had gone through any relevant training, read any books, or are just trying to start from scratch? I find it hard to answer your question because it's too general.

Regards.
 
zillah

Re: ISO 27001 - How to write documentation and where to start

can you let us know if you had gone through any relevant training, read any books
I have not been through any training; I did a quick review of ISO 17799.

trying to start from scratch.
I am trying to start from scratch. I have not done that before; this is my first time.

I find it hard to answer your question because it's too general.
I will be glad to answer any question you want to clarify.

Regards
zillah
 

harry

Trusted Information Resource
Re: ISO 27001 - How to write documentation and where to start

I am sorry, Zillah, but to be able to involve yourself in the documentation process, you need a certain amount of knowledge, which you may be able to gain by the following process:

1. Get yourself a copy of the standard and read to understand it.
2. Attend some relevant training. ISO 27001 is industry specific and not general like ISO 9001. You need to have industry specific training! As it's quite a new standard, there is not much info on the net - unlike ISO 9001.
3. At the worst, you may need to work with some knowledgeable people such as consultants.

Let's see what the others have to say.

Regards.
 