ISO 27001/GDPR Know-how Set

Ready-to-buy ISO 27001/GDPR know-how set – Information Security Management System

ISO 27001 - Information Security Management System
Know-how set description

This know-how set defines an ISO 27001/GDPR-compliant Information Security Management System for Organizations. Its goal is to assure information security, including the protection of personal data (GDPR). The know-how set includes the required policies, procedures, instructions and document templates. It also covers training, competency profiles, tools and external sources of information. All of this content is grouped around the Roles required by ISO 27001 and the GDPR. By buying the know-how set, an Organization can promptly deploy an Information Security Management System and achieve ISO 27001 certification.

In addition, the know-how set helps to meet the requirements of the General Data Protection Regulation and defines a personal data management system. The know-how set also supports ISO 27001 audits and personal data security audits.

The ISO 27001/GDPR know-how set is recommended for Organizations that want to assure information security and the security of processing personal information.

Disclaimer
In addition to the template content, the know-how set contains some empty elements that have to be prepared in the process of defining an Information Security Management System, because such content is organization-specific.

ISO 27001/GDPR know-how set statistics

  • Total: 103
  • Roles: 7
  • Information contexts: 7
  • ISMS content: 61
  • Education content: 12

ISO 27001/GDPR know-how set elements

Organization (23)
Roles (7)
  • Contractor
  • Data Protection Officer
  • Employee
  • Information Security Officer
  • Internal Auditor
  • IT System Administrator
  • Top Management
Contexts (7)
  • Acquisition
  • GDPR
  • Human Resources
  • IT Administration
  • Physical Security
  • Quality Management
  • Security
Normative sources (9)
  • 9 regulations and standards, including:
  • ISO 27001
  • General Data Protection Regulation
Know-how (72)
Policies (15)
  • Acceptable Use Policy
  • Access Control Policy
  • Access to Network and Network Services Policy
  • Backup Policy
  • Clean Desk and Clean Desktop Policy
  • External Communication Policy
  • Information Classification Policy
  • Information Security Policy
  • Information Security Risk Management Policy
  • Information Transfer Policy
  • Management of Removable Media Policy
  • Mobile Devices Policy
  • Password Management Policy
  • Policy of Information Security in Relations with Suppliers
  • Policy on the Use of Cryptographic Controls
Processes (10)
  • Access Control Process
  • Assets Management Process
  • Audit Management Process
  • Business Continuity Management Process
  • Change Management Process
  • Management Review Process
  • Operations Management Process
  • Purchasing Process
  • Risk Management Process
  • Security Incident Handling Process
Procedures (10)
  • Disposal of Removable Media Procedure
  • Documents and Records Control Procedure
  • Internal Audit Procedure
  • Management Review Procedure
  • Nonconformities and Corrective Actions Management Procedure
  • Procedure for Responding to Security Incidents
  • Procedure for Responding to Security Weaknesses
  • Procedure for the Management of Risks Related to Information Security
  • Procedure for Working in Secure Areas
  • Procedures for Individual Rights Execution in Data Processing
Instructions (7)
  • Computer User Instructions
  • Instruction for Granting Rights in the Access Control System
  • Instruction for Handling Extraordinary IT Situations
  • Instruction for Information Security in Project Management
  • Instruction for Protecting Secure Areas
  • Instructions for Equipment and Infrastructure Maintenance
  • Recruitment Process Instructions
Ins/Outs (30)
  • Access Control: Procedures
  • Agreement Regulating Access Rights
  • Asset Information
  • Asset Supplementary Information
  • Assets Inventory
  • Audit Plan
  • Audit Programme
  • Audit Report
  • Business Continuity Plan
  • Clearance Sheet
  • ISMS – Monitoring and Measurements
  • ISO 27001 Implementation Plan
  • Management Review Report
  • MS Excel Document Template
  • MS Word Document Template
  • Non-competition and Information Confidentiality Agreement
  • Nonconformity Card
  • Operations Management Plan
  • Opportunity for Improvement
  • Organization Context
  • Purchase Requirements
  • Purchase Specification
  • Record of Categories of Processing Activities
  • Record of Processing Activities
  • Risk Assessment
  • Risk Treatment Plan
  • Risks and Vulnerability Base
  • Security Incident
  • Statement of Applicability
  • Supplier Agreement
Education (8)
Trainings (2)
  • Training on Information Security Vulnerabilities
  • Training on the Information Security Management System
Guidelines (2)
  • Competence Profile: Information Security Officer
  • Competence Profile: Top Management
Tools (4)
  • KeePass
  • Access Control System
  • Change Management System
  • Remote Access System
Knowledge Bits (0)

Ask about the price of this know-how set

Pro4People sp. z o.o., based in Wrocław at Wołowska 18 (postal code 51-116), is the controller of the personal data. Data submission is voluntary, albeit necessary to process the inquiry. The data will not be transferred to other recipients. I have been informed that I have the right to access my data, modify it, and demand to cease its processing.