ISO 27001 Tutorial 1 – Organisation Overview

The easiest document to produce this documents you and information you already should have readily available. It is a useful document to have for audit purposes and collates a lot information about your organisation in a handy document.

ISO 27001 Tutorial 2 – Context of Organisation

It covers the context that influences the information security management system in your organisation. It looks at internal and external issues that affect the management system as well as interested parties, or stake holders, that have requirements on and from the information security management system ( ISMS )

ISO 27001 Tutorial 3 – Defining Scope

It covers the scope statement that will appear on your ISO 27001 certificate and also the areas that are in scope and those that are out scope for your information security management system (ISMS)

ISO 27001 Tutorial 4 – Legal Register

It covers what standards apply to you, what laws apply to you, what regulatory requirements apply to you and what contractual requirements apply to you that affect the information security management system. It should be reviewed and approved by legal counsel.

ISO 27001 Tutorial 5 – Asset Register

You cannot protect what you do not know. Having an asset register is fundamental to understanding what you will protect. Both a data asset register and a hardware asset register. This covers what is included, what is needed and how to create and manage.

ISO 27001 Tutorial 6 – Statement of Applicability

It covers the Statement of Applicability that is often requested by clients and is part of the ISO 27001 certification. As a minimum it covers the 114 controls of ANNEX A.

How to create and use an information security policy

How to create a risk register

How to create a legal register

How to build a competency matrix