Qualcuno usa modelli di procedure pubblicamente disponibili (o relativamente economici) per ISO 27001 per costruire un proprio sistema di gestione della sicurezza delle informazioni che possa essere conforme allo standard. Qualche raccomandazione?
Dopo questo sistema di costruzione organico l'hai certificato? O cruciale è stato raggiungere parametri e comportamenti del personale paragonabili, non documenti ufficiali?
Qualcosa come questo dal forum ISO27k? Ho trovato anche un sacco di modelli a pagamento.
Come richiesto. Dal sito collegato:
The FREE ISO27k Toolkit consists of a collection of ISMS-related materials contributed by members of the ISO27k Forum, either individually or through collaborative working groups organized on the Forum. We are very grateful for their community-spirited generosity in allowing us to share them with you.
The Toolkit is a work-in-progress: further contributions are most welcome, whether to fill-in gaps or provide additional examples of the items listed below.
Please observe the copyright notices and Terms of Use.
IMPORTANT DISCLAIMER: this is generic information donated by various individuals with differing backgrounds, competence and expertise, working for a variety of organizations in various contexts. The ISO27k Toolkit is provided as a starting point for you to consider, adapt and enhance as necessary to suit your specific situation. Your information security risks are unique, so it is incumbent on you to assess and treat your risks as you and your management see fit. Don’t blame us if the ISO27k Toolkit is unsuitable or inadequate for your circumstances: we are simply trying to help!
Leggi altre domande sui tag business-risk iso27000