ISO 27001 and how to document ?

[zillah]

At work I have been asked to work on ISO 27001, because my company (college) looking to be certified against ISO 27001.

I do not how to start, how to write documentations,because I have not done that before

I have gone through ISO 17799 and 27001, which are general rules and cluses, but I can not translate that to match what I have got at work (real life).

Any guide or advice ?

Regards

[Aykut]

Hi Zillah,
let me try ...
* first you need descripe the scope and boundaries - if you want the ISMS to have certified
* look at the process within the scope
* look at the risks that might cause problems to those processes
* define the process owners and the values of the process - in other words workout a risk treatment plan
* look at the relevant clauses
* define a statement of applicability - the SOA will describe the processes, their values and how you avoid possible risks. Descripe why to exclude some clauses
* do you know PDCA? Plan, Do, Check, Act - define monitoring & reviews
* think of trainings and awareness of the involved people

I hope, this will help.

Aykut

[zillah]

Thanks Aykut
Could you kindly send me an email to : forwardtruth@yahoo.com, because i could not find an option for PM within the Forum
Regards

[zillah]

Hi Aykut
I tried to send you an email that you have sent to me , but I was getting error

Thanks

[Aykut]

Hi,
I just sent you another mail adress. Strange ... it should have worked.
Did you just reply to my mail?

Regards,

Aykut