R
Ramaiyer
GA all,
I have implemented ISMS in our small IT consulting company. I am the only one working on this project. I have already created the ISMS manual, scope, the policies (29 of them), procedures, Request for Change, document and record handling, corrective and preventive action procedures, security awareness training etc.
I have already given security awareness training and took attendance, employees have acknowledged that they have read the policies and manual, information configuration items auding, security auditing, document auditing records I have collected. Visitors logs, system security monitoring logs, etc are collected. Performed desk top business continuity plan and recorded. Are there (I am sure there are) any other artifacts I need to collect. Can anyone post a list of artifacts they are collecting?.
Thanks
I have implemented ISMS in our small IT consulting company. I am the only one working on this project. I have already created the ISMS manual, scope, the policies (29 of them), procedures, Request for Change, document and record handling, corrective and preventive action procedures, security awareness training etc.
I have already given security awareness training and took attendance, employees have acknowledged that they have read the policies and manual, information configuration items auding, security auditing, document auditing records I have collected. Visitors logs, system security monitoring logs, etc are collected. Performed desk top business continuity plan and recorded. Are there (I am sure there are) any other artifacts I need to collect. Can anyone post a list of artifacts they are collecting?.
Thanks