Chapter 8. Documentation
Your risk assessment determines the controls that have to be deployed in your ISMS, and your Statement of Applicability identifies the controls that you are deploying in the light of your approach to risk management. Every one of those controls, together with your approach to identifying and managing risk, your management structure, your decision-making processes and every other component of your information security management system has to be documented, as a point of reference, as the basis for ensuring that there is consistent application over time, and to enable continuous improvement.
Documentation will be the most time consuming part of the total project and, therefore, how you decide to tackle this aspect will be ...
Get Nine Steps to Success: An ISO 27001 Implementation Overview now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.