
ISMS Policy List

The document provides a list of documents related to an Information Security Management System (ISMS) for an organization. It includes 63 documents organized across 18 appendices covering various ISMS topics such as policies, procedures, guidelines, forms, and technical architecture documents. Key document categories include information security policies, organization of information security, asset management, access control, physical and environmental security, operations security, communications security, supplier relationships, information security incident management, business continuity management, and compliance. It also lists forms and templates as well as policy manuals to aid in implementing policies.

Uploaded by

Aviraj Sarkar

Appendix-A – List of Documents

A5 - Information Security Policies


1. COMPANY_ISMS_Context of Organization ; Scope of the Information Security Management
System; Internal and External issues; Interested Parties (Internal & External Stakeholders)

A6 - Organization of Information Security


Madhav Madhukar / Sushmita Paul / Rituraj / Arindam
2. COMPANY_ISMS_MAN_ ISMS POLICY Manual_v1.0; COMPANY - Org Structurev;
Communication/Data flow diagram(s) for communication with internal and external parties.
3. COMPANY_ISMS_POL_Information Security Policy_v1.0; Information Security Policy and
Objectives
A6-COMPANY_ISMS_FORM_Contact With Authorities
4. COMPANY_ISMS_FW_Information Security Framework_v1.0; Procedures for Working in Secure
Areas

Onkar / Shreshtha / Pragya / Aishwarya


5. COMPANY_ISMS_POL_Risk Management Policy; Risk Assessment and Risk Treatment
Methodology; Risk Treatment Plan
6. COMPANY_ISMS_GL_Risk Management Guidelines; Risk Assessment Report; COMPANY_ISMS
_Risk Assessment and Gap Analysis
7. COMPANY_ISMS _Statement of Applicability (SOA)
8. COMPANY_ISMS_PRO_Project Management Procedure_v1.0

Madhav Madhukar / Sushmita Paul / Rituraj / Arindam


9. COMPANY_ISMS_POL_Bring Your own Device (BYOD) Policy_v1.0; Mobile Device Policy
A6-COMPANY_ISMS_FORM__Mobile Device Status Form
10. COMPANY_ISMS_POL_Remote Working Policy_v1.0; COMPANY_ISMS_Internet Use Policy;
COMPANY_ISMS_Email policy; COMPANY_ISMS_Antivirus policy

A7 - Human Resource Security


Shambhavi / Divya / Atif
11. COMPANY_ISMS_POL_Human Resource Security Policy
12. COMPANY_ISMS_PRO_Human Resource Security Procedure
13. COMPANY_ISMS_PROC_Recruitment and Selection Process
14. COMPANY_ISMS_PROC_Training Process
A7-COMPANY_ISMS_FORM_Training Awareness Form
A7-COMPANY_ISMS_FORM_Employee Training Record Form
15. COMPANY_ISMS_PROC_HR Disciplinary Process
16. COMPANY_ISMS_PROC_HR Exit Process

A8 - Asset Management
Aviraj Sarkar / Aashi Jadhav / Raj Lakshmi
17. COMPANY_ISMS_POL_Asset Management Policy
18. COMPANY_ISMS_Asset Register (with Master list of records); Definition of Security Roles and
Responsibilities; Segregation of duties; Acceptable Use of Assets with Asset Threats and
Vulnerabilities;
COMPANY_ISMS_PRO_Document and Record Management Procedure_v1.0
19. COMPANY_ISMS_POL_Acceptable Use Policy; COMPANY_ISMS_Info_Classification Labelling
& Handling Procedure
20. COMPANY_ISMS_POL_User Registration and Deregistration Policy_v1.0
21. COMPANY_ISMS_POL_Media Disposal Policy for Information/IT Assets_v1.0
A8-COMPANY_ISMS_FORM_Asset Disposal Forms
A8-COMPANY_ISMS_FORM_Disposal Of Media

A9 - Access Control Policy


Mihir / Kruthath / Shruti / Sudipta / Suchita
22. COMPANY_ISMS_POL_Access Control Policy wide COMPANY_ISMS_POL_Physical and
Environmental Security Policy
23. COMPANY_ISMS_POL_Network Access Control Policy
24. COMPANY_ISMS_POL_Application Access Control Policy_v1.0
COMPANY_ISMS_PRO_Change Management Procedure
COMPANY_ISMS_POL_Clear Desk Clear Screen Policy
25. COMPANY_ISMS_PRO_Password Management Procedure_v1.0
COMPANY_ISMS_FORM_Access Control Forms

A10 - Cryptographic Controls


Mihir / Kruthath / Shruti / Sudipta / Suchita
26. COMPANY_ISMS_POL_Cryptographic Control Policy; Encryption Policy

A11 - Physical and Environmental Security


Madhu / Sramana / Anik / Soumen / Medha
27. COMPANY_ISMS_POL_Physical and Environmental Security Policy
28. COMPANY_ISMS_PRO_Equipment Security Procedure
29. COMPANY_ISMS_POL_Unattended User Equipment Policy
30. COMPANY_ISMS_POL_Clear Desk Clear Screen Policy
31. COMPANY_ISMS_PROC_Data Center Operations Process
32. COMPANY_ISMS_PLAN_Maintenance and Review Plans_v1.0

A12 - Operations Security


Madhu / Sramana / Anik / Soumen / Medha
33. COMPANY_ISMS_PRO_Record Management Procedure
34. COMPANY_ISMS_PRO_Document and Record Management Procedure
35. COMPANY_ISMS_PRO_Change Management Procedure
A12-COMPANY_ISMS_FORM_Change Request Form
36. COMPANY_ISMS_POL_Capacity Planning Policy
37. COMPANY_ISMS_POL_Hardware and Software Policy
38. COMPANY_ISMS_POL_User Data Backup Policy;
39. COMPANY_ISMS_POL_Backup and Recovery Process
A12-COMPANY_ISMS_FORM_BackUp_Restoration Forms
40. COMPANY_ISMS_POL_Logging and Monitoring Policy
41. COMPANY_ISMS_GL_Security of System Files Guideline
42. COMPANY_ISMS_POL_Individual Software License Policy
43. COMPANY_ISMS_POL_Software Compliance Policy
44. COMPANY_ISMS_PRO_Vulnerability Management Procedure

A13 Communications Security


Aviraj / Aashi / Raj Lakshmi
45. COMPANY_ISMS_PROC_Network Security Process
46. COMPANY_ISMS_POL_Information Transfer Policy
A13-COMPANY_ISMS_FORM_Physical Media Transfer Form
47. COMPANY_ISMS_Email policy; Electronic Messaging Policy
48. COMPANY_ISMS_ Confidentiality or Non- Disclosure Policy; wide
COMPANY_ISMS_GL_Supplier Information Security Guidelines

A14 System Acquisition, Development and Maintenance


Yash / Sudipti / Gyan / Ajitesh
49. COMPANY_ISMS_POL_System Acquisition Development and Maintenance Policy
50. COMPANY_ISMS_GL_Software Development Guidelines

A15 Supplier Relationships


Madhu / Sramana/ Anik / Soumen / Medha
51. COMPANY_ISMS_GL_Supplier Information Security Guidelines
52. COMPANY_ISMS_GL_Guidelines for Information Security and Individual Contracts Guidelines
A15-COMPANY_ISMS_FORM_Supplier Security Assessment Questionnaire Form
A15-COMPANY_ISMS FORM_Supplier Evaluation Form- Template 1
A15-COMPANY_ISMS FORM _Supplier Evaluation Form- Template 2

A16 Information Security Incident Management


Ayan / Mihir / Shreshtha
53. COMPANY_ISMS_PRO_Incident Management Procedure
A16-COMPANY_ISMS_FORM_Incident Management Form

A17 Information Security Aspects of Business Continuity Management


Pragya / Shruti / Mihir / Kruthart / Ayan
54. COMPANY_ISMS_PLAN_Business Continuity Plan; COMPANY_ISMS_PRO_Business
Continuity Management
55. COMPANY_ISMS_PRO_Business_Impact_Analysis Procedure
56. COMPANY_ISMS_PLAN_Disaster Recovery Plan
57. COMPANY_ISMS_PLAN_Exercising and Testing Plan

A18 Compliance
Yash / Sudipti / Gyan / Ajitesh
58. COMPANY_ISMS_POL_Legal Compliance Policy
59. COMPANY_ISMS_POL_Compliance Policy
60. COMPANY_ISMS_POL_Data Protection Policy
61. COMPANY_ISMS_POL_Internal_Audit_Framework Policy
A18-COMPANY_ISMS_FORM_Audit Reporting Forms
62. COMPANY_REPORT_CONFORMITY_NON CONFORMITY OFI WITH CORRECTIVE ACTION
PLAN
63. COMPANY_ISMS _Management Review Form _Minutes of Meeting

FORMS AND TEMPLATES


1. A6-COMPANY_ISMS_FORM_Contact With Authorities
2. A6-COMPANY_ISMS_FORM__Mobile Device Status Form
3. A7-COMPANY_ISMS_FORM_Training Awareness Form
4. A7-COMPANY_ISMS_FORM_Employee Training Record Form
5. A8-COMPANY_ISMS_FORM_Asset Disposal Forms
6. A8-COMPANY_ISMS_FORM_Disposal Of Media
7. A9-COMPANY_ISMS_FORM_Access Control Forms
8. A12-COMPANY_ISMS_FORM_Change Request Form
9. A12-COMPANY_ISMS_FORM_BackUp _ Restoration Forms
10. A13-COMPANY_ISMS_FORM_Physical Media Transfer Form
11. A15-COMPANY_ISMS_FORM_SupplierSecurityAssessmentQuestionnaire
12. A15-COMPANY_ISMS_FORM_Supplier Evaluation Form_ Template 1
13. A15-COMPANY_ISMS_FORM_Supplier Evaluation Form _Template 2
14. A16-COMPANY_ISMS_FORM_Incident Management Form
15. A18-COMPANY_ISMS_FORM_Audit Reporting Forms

TECHNICAL ARCHITECTURE DOCUMENTS AND REVIEW LISTS


• COMPANY_Enterprise Technical Architecture
• COMPANY_Enterprise Security Architecture
• COMPANY_Data Center Facility Management Security
• COMPANY Cloud Server Security Review and Procedure Review
• COMPANY AWS Cloud Application Security Review
• COMPANY Enterprise Application Security VAPT Testing and Risk Review
• COMPANY Web Application Security VAPT Testing and Risk Review
POLICY MANUAL (DIRECT DERIVATIVE OF POLICY: HOW IT NEEDS TO BE IMPLEMENTED ON THE GROUND IN THE ORGANISATION; HANDBOOK WITH ALL EXECUTION STEPS FOR DIFFERENT STAKEHOLDERS)

Policy: what needs to be achieved. Policy Manual/Handbook: guidelines on how it needs to be implemented, the names of the stakeholders/functions, the target timelines, and, if it is not done, the RISK TYPES and RISK IMPACT, and what it would mean if any small stakeholder has not done its job in time with due diligence.

1. SYNOPSIS DESCRIBING THE INTRODUCTION AND OBJECTIVES OF THE POLICY – WHAT THE POLICY IS, AND IN WHAT CONTEXT THE POLICY IS IMPORTANT FOR THE ORGANISATION
2. SCOPE OF THE POLICY – detail
3. ORGANISATIONAL CHART WITH STAKEHOLDERS (board level, top management, CISO function level, IT function, HR department, other functions)

Responsibilities of each function in detail (tabular form)

4. Policy Execution steps (Procedure) –

Leadership Mgmt. Function

CISO function – procedure steps – CISO, security SPOC, other staff for due diligence

IT function – IT Head, IT SPOC, other IT folks

HR function – HR Head, HR Manager

Other functional unit –

Sales - Head, Security SPOC nominated, other staff members

Operations

Production

Supply Chain

Finance and accounts

Delivery

5. RACI MATRIX (ACCOUNTABLE, RESPONSIBLE, CONSULTED, INFORMED)

Columns: EXECUTION STEP, DEPARTMENT/FUNCTION, (ACCOUNTABLE, RESPONSIBLE, CONSULTED, INFORMED), TARGET TIMELINE

6. FLOW CHART
7. ASSOCIATED RISK CHART
(RISK CRITERIA, RISK TYPES, RISK RANKING, RISK IMPACT)

100% / 75% / 50% / 25% / 0%

RISK LEVEL , RISK TYPE, RISK IMPACT

8. APPENDIX – Sample forms and templates

TARGET DATE : REVIEW DATES :

1ST DATE : 7TH JUNE

2ND DATE : 14TH JUNE

3RD DATE : 18 JUNE
