Security Policies & Procedures

You will need to have a number of Policies & Procedures in place to comply with ISO27001.
Ultimately, ISO27001 is a standard for an Information Security Management System (ISMS), and audit companies still consider documentation the best evidence.

Compleye Online is a tool that represents that management system and embeds the evidence, not only for security: we already have features in place for privacy and quality as well. However, security, privacy and quality cannot be captured just by adding documents; you will need to prove that you live up to the policies and procedures you have adopted. That evidence is called records, and you can add these records in Compleye Online.

However, before you can add records, you will need to adopt Policies & Procedures. The mandatory policy in ISO27001 is the Security Policy, which describes the intentions and ambition (Objectives) you have defined for your ISMS; there are a number of other mandatory topics as well. We advise you to list in your Security Policy all the Procedures that you adopt, and to review it at least yearly.

In a number of sections we refer to certain templates (procedures, policies, checklists or other documents). During onboarding of DIY Compleye Online you will receive the Documentation Toolkit with all the templates.

Create a Compliance folder in your own Documentation Storage with all the templates you adopt, and make it available to all your team members; that is a mandatory requirement for ISO27001. You can select which documents you share with team members in a subfolder. Once you have an approved document, you can also add it to the relevant Compleye Online subsection under the Procedure/Info feature, so that it is easily accessible to your ISMS team members when needed.

Below is an overview of all templates in the Documentation Toolkit.
The section Policies & Procedures is still under development; however, you can already upload your adopted and approved documentation together with an owner.

We have tried to keep the documents as simple and short as the ISO27001 requirements allow, so most of them are no longer than 1-2 pages.

A good way to start is to assign owners, read the content, customize it where needed to your own needs and situation, and have each document reviewed by a second person before it is finally approved at C-level.

Make sure that every document has an owner, a date of approval and a version (number or date) on it. Store it in your own folder and, when this section is ready, add it to the list.

Make sure you have a control in place to review the documentation on a yearly basis.

More or new templates and checklists can be added to the Toolkit, due to changes in the ISO27001 standard or during the certification process with other clients of Compleye. We will then inform you and make them available to you.

# | Name of Template | Compleye Online Section | Type
1 | Mandatory ISO27001 Topics | Strategy & Ambition / Organisation & Context (and other topics addressed in wiki and ISO27001) | 
2 | Access Management Policy | Security Policies & Procedures | doc
3 | Backup Procedure | Security Policies & Procedures | doc
4 | Business Continuity Assessment Procedure | Risks & Opportunities / Business Continuity Plan | doc
5 | CAPA Outline Procedure | Security Policies & Procedures | doc
6 | Code of Conduct | Security Policies & Procedures | doc
7 | Cookie Policy | Legal & Compliance / GDPR / User Documentation | doc
8 | Cryptography Policy | Security Policies & Procedures | doc
9 | Data Breach Procedure | Security Policies & Procedures | doc
10 | Data Classification Policy | Security Policies & Procedures | doc
11 | Data Processor Policy | Security Policies & Procedures | doc
12 | Data Protection Impact Assessment | Risks & Opportunities / Data Privacy Impact Assessment | doc
13 | Data Retention Procedure | Security Policies & Procedures | doc
14 | Disaster Recovery Plan | Risks & Opportunities / DRP | doc
15 | GDPR Assessment | Risks & Opportunities / GDPR Assessment | xls
16 | Hardware Security Policy | Security Policies & Procedures | doc
17 | HR Checklist | Security Policies & Procedures | doc
18 | Human Resources Policy | Security Policies & Procedures | doc
19 | Improvement Procedure | Security Policies & Procedures | doc
20 | Information Security Communication Policy | Security Policies & Procedures | doc
21 | Intellectual Property Statement | Legal & Compliance / Intellectual Property | doc
22 | Internal Privacy Policy | Security Policies & Procedures | doc
23 | ISRA Procedure | Security Policies & Procedures | doc
24 | ISRA Template | Risks & Opportunities / ISRA | xls
25 | Log and Monitoring Policy | Security Policies & Procedures | doc
26 | Offboarding Procedure | Security Policies & Procedures | doc
27 | Onboarding Procedure | Security Policies & Procedures | doc
28 | Open Source Components Policy | Security Policies & Procedures | doc
29 | Password Management Policy_Team Members | Security Policies & Procedures | doc
30 | PENTesting Procedure | Security Policies & Procedures | doc
31 | Privacy Statement_Notice_ExternalUse | Legal & Compliance / GDPR / User Documentation | doc
32 | SDLC Procedure Guidelines | Security Policies & Procedures | doc
33 | Security Policy | Security Policies & Procedures | doc
34 | Staff Attendance Policy | Security Policies & Procedures | doc
35 | Supplier Management Policy | Security Policies & Procedures | doc

Add new policy

Field Name | Description | Example
Policy name | Select the policy from the drop-down list, or select "other" to type the name of the policy | Privacy Policy
Owner | Select a team member who is responsible for updating and reviewing the policy | {name}
Description | Free text field to describe the content of the policy | End user documentation
