ISO 27001 – Guided Documentation Development

Policies and supporting documentation are the primary governance structure for a cybersecurity program. Security policies protect people and information, define expected personnel behaviors, define the organization's position on security, minimize risk and track compliance with regulations and legislation. Information security policies also provide a framework for best practices to align the business, from the top down, on its information security direction and expectations.

DeepSeas has developed a mature and audit-tested documentation set.

The objectives of this initiative are as follows:

1. DeepSeas will provide documentation templates
2. DeepSeas will provide expert level consulting and support to address questions

The methodology consists of the following activities:

1. GUIDED DOCUMENTATION DEVELOPMENT
   1. DeepSeas will provide documentation templates to the Client and advise on initial development.
   2. DeepSeas will review documentation edits and accept all documents that align with ISO standards. Documents that require additional edits will be addressed through scheduled working sessions.
   3. DeepSeas will conduct working sessions for the duration and frequency defined in the scope.
2. STATUS MEETINGS
   1. DeepSeas will host regular status meetings to validate documentation tasks are on track and to address questions the Client may have regarding documentation development.
   2. DeepSeas will conduct status meetings for the duration and frequency defined in the scope.

DeepSeas will produce the following deliverables:

1. ISO 27001 - Documentation Templates

PROJECT-SPECIFIC ASSUMPTIONS

1. DeepSeas will deliver all documentation templates in a standardized format that is accepted for certification. The Client can change the document type, however, the Client must understand the documentation requirements for certification.