Under starters orders

 

Like an expectant father, I've been anxiously filling-in time before the publication of ISO/IEC 27001:2022, due any day now.

Today, I completed the tedious process of reviewing/updating all our information security policy templates for SecAware.com. 

The complete policy suite comprises 78 topic-specific templates covering a deliberately wide range of information risk and security topics, plus a very succinct (3 page!) overarching Corporate information security policy, an 'Acceptable Use Policy' in desktop and mobile versions, and a cross-reference matrix showing how the policies relate to each other.

Updating the SecAware website is a laborious process due to annoying issues and inconsistencies with the Wix admin interface, adding to the effort required to maintain/update the policies as a coherent and consistent suite, reflecting the advice in ISO/IEC 27002:2022 and - soon - ISO/IEC 27001:2022 Annex A. It's worth it, though, judging by the popularity of the individual policy templates ($20 each) and the whole suite (currently on offer at half price).

Meanwhile, my finger is poised over the button to publish our updated Information Security Management System templates, thoroughly updated to reflect the forthcoming third edition of ISO/IEC 27001. To be honest, the mandatory ISMS materials required of all organisations seeking ISO 27001 certification are virtually the same as the second edition, making the ISMS Launchpad package ($133) exceptional value even if you intend to migrate to the new edition once released.