Welcome to the Wiki of Compleye Online

Templates

Compleye provides templates for multiple frameworks. The table below lists the templates, with a reference to the frameworks each one relates to.

Templates are reviewed on a yearly basis by Compleye. If updates are needed more often, we will keep you informed.

How to use:

  1. Download the template
  2. Header: add your logo or just the name of your company – leave the label in the header (For internal use only – or public)
  3. Footer: add a version number and date
  4. Review the template (add, adjust to your needs)
  5. Save the document in your own repository
  6. Upload the PDF in the section Policies & Procedures. More info in the wiki section Policies & Procedures.
  • All policies and procedures will need to be uploaded in the Policies & Procedures section.
  • All assessments will need to be uploaded (once finalised) in the specific Assessment section.
  • All role descriptions will need to be uploaded in the HR and Organisation section.

| Template Name | Remarks | Related to Section | Frameworks |
|---|---|---|---|
| Audit Tips | list of tips to prepare for audit | | general |
| Authorities & External Feeds and resources | list all sources of information to keep yourself updated on security and privacy issues | | ISO 27001 |
| Backup Policy | for data and source code | X-ray – Data Servers, X-ray – Source Code | ISO 27001 |
| Business Continuity Plan (BCP) – generic | If you start your ISMS – use this generic template | BCP | ISO 27001 |
| Business Continuity Plan (BCP) – Technical | If you already have a more mature ISMS – use this template with connection to a mature DRP | BCP | ISO 27001 |
| Change Management Procedure | How change is organised | X-ray sections – Change and Impact Checklist | ISO 27001 |
| Checklist IN and OUT | Onboarding and Offboarding of Staff – create templates for Checklist IN and OUT | Checklists | ISO 27001 |
| Compliance Officer Role (CO) | Store in HR and Organisation section | | ISO 27001 |
| Cookie Policy | Content and tips for your websites | End-User documentation | ISO 27001 |
| Cryptography Policy | document all that needs to be encrypted. | X-ray – Data Servers | ISO 27001 |
| Data Breach Policy | follow up on the Incident Management Policy | Data Breaches | ISO 27001, GDPR |
| Data Classification Policy | List all your data sources and classify | Data Classification | ISO 27001, GDPR |
| Data Privacy Impact Assessment (DPIA) | If you are a data controller, it is mandatory to have a DPIA. You can of course perform a DPIA if you wish | DPIA | ISO 27001, GDPR |
| Data Retention Policy | Keep track of the legal retention time of data | GDPR | ISO 27001, GDPR |
| Data Subject Right (DSR) Policy | How to handle end-user GDPR-requests | user GDPR requests | ISO 27001, GDPR |
| Disaster Recovery Plan (DRP) | Your scenarios and test plans. | DRP / PEN testing | ISO 27001 |
| GDPR Assessment | general data protection assessment | GDPR | ISO 27001, GDPR |
| Guideline for outsourcing development. | things to consider and organise before you start making use of outsourcing your development. | X-ray – Outsourced Development | ISO 27001 |
| HR Policy – Code of Conduct | From recruitment to offboarding | | ISO 27001 |
| Identity and Access Management | methods for identifying people and assets | | ISO 27001 |
| Incident Management Procedure | Including CAPA and template security Report | (security) metrics | ISO 27001 |
| Information Security Risk Assessment (ISRA) Procedure | How to perform your security assessment for all X-ray components | ISRA | ISO 27001 |
| Information Security Risk Assessment (ISRA) Template | per X-ray component a different tab | ISRA | ISO 27001 |
| Internal Audit (IA) Criteria & Investigation notes | Procedure refers to this Excel – to check criteria and list your notes | Internal Audit | ISO 27001 |
| Internal Audit (IA) Procedure | describes how Internal Audit will be performed. | Internal Audit | ISO 27001 |
| Internal Auditor Role (IA) | Store in HR and Organisation section | | ISO 27001 |
| ISMS & Business Processes 1 | Word document – go over topic by topic. This is part of your BCP | BCP | ISO 27001 |
| ISMS & Business Processes 2 | Excel overview with all topics in 1 view. Choose between Excel or Word version | BCP | ISO 27001 |
| ISMS Communication Policy | How the ISMS Team communicates | | ISO 27001 |
| ISMS Mandatory ISO27001 Topics | This addresses all topics related to Chapters 4-10. | Explains how Compleye Online is organised | ISO 27001 |
| Management Review Template | If you are not making use of the improvement sections – you can use this Word template version | | ISO 27001 |
| Password Management Policy | Access Management | | ISO 27001 |
| PEN Testing Policy | Guidelines for PEN Testing | DRP / PEN testing | ISO 27001 |
| Privacy Officer Role (PO) | Store in HR and Organisation section | | ISO 27001, GDPR |
| Privacy Statement | Policy for your website | End-User documentation | ISO 27001, GDPR |
| Register of processing activities (ROPA) | only for personal data | | ISO 27001, GDPR |
| Risk and Opportunities Policy | including the risk treatment (improvement) procedure | Improvements and all assessments sections | ISO 27001 |
| Security (privacy) Awareness Training – slides | a list of all mandatory topics to address during security awareness training + example of quiz questions | Training | ISO 27001, GDPR |
| Security Officer Role (SO) | Store in HR and Organisation section | | ISO 27001 |
| Security Policy | general and main policy, available for stakeholders upon request | | ISO 27001, GDPR |
| Software Development Life Cycle (SDLC) | Guidelines – topics to address and document in your own tooling | X-ray – Development Team | ISO 27001 |
| Statement of Applicability (2 x) | empty and pre-filled options | | ISO 27001 |
| Supplier Management Procedure | from selection to off-boarding, including template checklists | Suppliers Overview, Supplier Assessment Checklists | ISO 27001 |
| Threat Intelligence Procedure | New topic in 2022 version – a practical approach. | Security meetings, wiki content and ISRA | ISO 27001 |
| Workspace & Equipment Policy | describes the rules how to handle equipment and how the (online) office is organised. | | ISO 27001, GDPR |
