ISO 27001 Information Security - How to write documentation and where to start

zillah

#1
At work I have been asked to work on ISO 27001, because my company is looking to be certified against ISO 27001.

I do not know how to start or how to write documentation, because I have not done that before.

I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).

Any guide or advice?

Regards
 
Sidney Vianna

Post Responsibly
Staff member
Admin
#2
Re: ISO 27001 and how to documentation

You might have to wait to get a copy of ISO/IEC 27003 ISMS implementation guidance because the document is under development.

Or you can browse around. A good starting point is the International ISMS Users Group @ http://www.xisec.com/
 

harry

Super Moderator
#3
Re: ISO 27001 - How to write documentation and where to start

On the right hand side of this post (part of the right hand side bar of this page), you will see "Praxion Research Group" - just above 'Jim Wynne's Quality Blog'. Just click on it and you can find some useful information on ISO 27001 & ISO 17799.

Regards.
 
zillah

#4
Re: ISO 27001 - How to write documentation and where to start

> Just click on it and you can find some useful information on ISO 27001 & ISO 17799.

I have been through this before, but it is general information, and I find it difficult to interpret that into a practical document. This is what I meant by:

> I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).
 

harry

Super Moderator
#5
Re: ISO 27001 - How to write documentation and where to start

> At work I have been asked to work on ISO 27001, because my company is looking to be certified against ISO 27001.
>
> I do not know how to start or how to write documentation, because I have not done that before.
>
> I have gone through ISO 17799, which is general rules, but I cannot translate that to match what I have at work (real life).
>
> Any guide or advice?
>
> Regards

For a start, Zillah, can you let us know if you have gone through any relevant training, read any books, or are just trying to start from scratch? I find it hard to answer your question because it's too general.

Regards.
 
zillah

#6
Re: ISO 27001 - How to write documentation and where to start

> can you let us know if you have gone through any relevant training, read any books

I have not been through any training; I did a quick review of ISO 17799.

> trying to start from scratch.

I am trying to start from scratch. I have not done that before; this is my first time.

> I find it hard to answer your question because it's too general.

I will be glad to answer any question you want to clarify.

Regards
zillah
 

harry

Super Moderator
#7
Re: ISO 27001 - How to write documentation and where to start

I am sorry, Zillah, but to be able to involve yourself in the documentation process, you need a certain amount of knowledge, which you may be able to gain by the following process:

1. Get yourself a copy of the standard and read it to understand it.
2. Attend some relevant training. ISO 27001 is industry specific and not general like ISO 9001. You need to have industry specific training! As it's quite a new standard, there is not much info on the net, unlike ISO 9001.
3. At the worst, you may need to work with some knowledgeable people such as consultants.

Let's see what the others have to say.

Regards.
 