ISO 27001 policies are the foundation of your information security management system. Policies are statements of what you do. They are not statements of how you do it. How you do it is covered in process documents. It is possible to create one Mahoosive Information Security Management Policy with lots of sections and pages but in practice breaking it down into manageable chunks allows you to share it with the people that need to see it, allocate it an owner to keep it up to date and audit against it. Creating modular policies allows you to plug and play across an number of information security standards including SOC1, SOC2, PCI DSS, NIST and more. To create them yourself you will need a copy of the relevant standards and about 4 hours per policy. ISO 27001 has 23 base policies. That is a minimum of 92 hours writing policies. Thank fully we have created these for you. Either purchase stand alone or part of our deployments here’s what they are. Drink it in.