Security Policies & Procedures

You will need to have a number of Policies & Procedures in place to comply with ISO27001.
After all, ISO27001 is a standard for an Information Security Management System, and audit companies still consider documentation the best evidence.

Compleye Online is a tool that represents that management system and embeds the evidence, not only for security: features for privacy and quality are already in place as well. However, security, privacy and quality cannot be captured just by adding documents; you will need to prove that you live up to the policies and procedures you have adopted. That evidence is called records, and you can add these records in Compleye Online.

Before you can add records, however, you will need to adopt Policies & Procedures. The mandatory policy in ISO27001 is the Security Policy, which describes the intentions and ambition (Objectives) you have defined for your ISMS; there are a number of other mandatory topics as well. We advise you to list in your Security Policy all the Procedures you will adopt, and to review it at least yearly.

In a number of sections we refer to certain templates (procedures, policies, checklists or other documents); during onboarding of DIY Compleye Online you will receive the Documentation Toolkit with all the templates.

Create a Compliance folder in your own Documentation Storage with all the templates you will adopt and make them available to all your team members; this is a mandatory requirement for ISO27001. You can select which documents you share with team members in a subfolder. Once you have defined and approved a document, you can also add it to the relevant Compleye Online subsection under the Procedure/Info feature, so that it is easily accessible for your ISMS team members when needed.

Below is an overview of all templates in the Documentation Toolkit.
The section Policies & Procedures is still under development; however, you can already upload your adopted and approved documentation together with an owner.

We have tried to keep the documents as simple and short as possible within the constraints of the ISO27001 requirements, so most of them are no longer than 1-2 pages.

A good way to start is to assign owners, read the content, customize it where needed to your own situation, and have each document reviewed by a second person before finally approving it at C-level.

Make sure that every document carries an owner, a date of approval and a version (number or date). Store it in your own folder and, when this section is ready, add it to the list.

Make sure you have a control in place to review the documentation on a yearly basis.

New or additional templates and checklists can be added to the Toolkit, either because of changes in the ISO27001 standard or as a result of the certification process with other clients of Compleye. We will then inform you and make them available to you.

| # | Name of Template | Compleye Online Section | Type |
|---|---|---|---|
| 1 | Mandatory ISO27001 Topics | Strategy & Ambition / Organisation & Context (and other topics addressed in wiki and ISO27001) | ppt |
| 2 | Access Management Policy | Security Policies & Procedures | doc |
| 3 | Backup Procedure | Security Policies & Procedures | doc |
| 4 | Business Continuity Assessment Procedure | Risks & Opportunities / Business Continuity Plan | doc |
| 5 | CAPA Outline Procedure | Security Policies & Procedures | doc |
| 6 | Code of Conduct | Security Policies & Procedures | doc |
| 7 | Cookie Policy | Legal & Compliance / GDPR / User Documentation | doc |
| 8 | Cryptography Policy | Security Policies & Procedures | doc |
| 9 | Data Breach Procedure | Security Policies & Procedures | doc |
| 10 | Data Classification Policy | Security Policies & Procedures | doc |
| 11 | Data Processor Policy | Security Policies & Procedures | doc |
| 12 | Data Protection Impact Assessment | Risks & Opportunities / Data Privacy Impact Assessment | doc |
| 13 | Data Retention Procedure | Security Policies & Procedures | doc |
| 14 | Disaster Recovery Plan | Risks & Opportunities / DRP | doc |
| 15 | GDPR Assessment | Risks & Opportunities / GDPR Assessment | xls |
| 16 | Hardware Security Policy | Security Policies & Procedures | doc |
| 17 | HR Checklist | Security Policies & Procedures | doc |
| 18 | Human Resources Policy | Security Policies & Procedures | doc |
| 19 | Improvement Procedure | Security Policies & Procedures | doc |
| 20 | Information Security Communication Policy | Security Policies & Procedures | doc |
| 21 | Intellectual Property Statement | Legal & Compliance / Intellectual Property | doc |
| 22 | Internal Privacy Policy | Security Policies & Procedures | doc |
| 23 | ISRA Procedure | Security Policies & Procedures | doc |
| 24 | ISRA Template | Risks & Opportunities / ISRA | xls |
| 25 | Log and Monitoring Policy | Security Policies & Procedures | doc |
| 26 | Offboarding Procedure | Security Policies & Procedures | doc |
| 27 | Onboarding Procedure | Security Policies & Procedures | doc |
| 28 | Open Source Components Policy | Security Policies & Procedures | doc |
| 29 | Password Management Policy_Team Members | Security Policies & Procedures | doc |
| 30 | PENTesting Procedure | Security Policies & Procedures | doc |
| 31 | Privacy Statement_Notice_ExternalUse | Legal & Compliance / GDPR / User Documentation | doc |
| 32 | SDLC Procedure Guidelines | Security Policies & Procedures | doc |
| 33 | Security Policy | Security Policies & Procedures | doc |
| 34 | Staff Attendance Policy | Security Policies & Procedures | doc |
| 35 | Supplier Management Policy | Security Policies & Procedures | doc |

Add new policy

| Field Name | Description | Example |
|---|---|---|
| Policy name | Select the policy from the drop-down list, or select "other" to type the name of the policy | Privacy Policy |
| Owner | Select the team member who is responsible for updating and reviewing the policy | {name} |
| Description | Free-text field to describe the content of the policy | End user documentation |
