top of page
Search

ISO 27001 Implementation Guidance: ISMS Structure

  • Andy Whillance
  • Nov 29, 2019
  • 1 min read

One misnomer that I most often hear is that ISO 27001 implementation will need the creation of hundreds of information security policies and procedures. There are many toolkits available, and they contain a fairly large number of documents which reinforces this idea. It is simply not the case. The list of documents required is actually fairly small.

The following diagram shows a complete set of documentation that could support ISO 27001 certification.

ree

The simpler your Information Security Management System (ISMS) is, the easier it is to maintain. And the fewer documents you have, the easier it is for your employees to find the information they need.

Don't overcomplicate things. Keep it simple.

 
 
 

Recent Posts

See All
ISO 27001:2022 Transition

2025 is the last year that companies have to transition to the new version of ISO 27001. All certificates need to be transferred to this...

 
 
 

0141 43 27001

  • LinkedIn

Whiteharbour Ltd reg number SC642328
©2019 by Whiteharbour Ltd

bottom of page