ISO 27001 policies with the help of the BSI basic protection devices and measures create “to the operation of an information security management system is it necessary make rules that describe our information technology and binding rules” Gerhard Kron, CEO at soft Crown, carries out. Kron explains further: “so that such policies can be created accurately, acceptable and legal security, a good expertise in the field of information security required or the use is external consultants who exactly these policies have already created enough practical experience and deliver to your customers. As a further option, it offers to acquire up to the necessary policies. “In the two latter cases, so the use external consultants or the purchasable purchase, remains the responsible task to ‘trim’ the received policies on the specifics of his company.” Kron raises the question of whether it make sense then really have to get policies if anyway still a lot of work must be inserted by third parties and answered the question yourself:
“If there is the know-how to create the policies, self creating the policies claimed probably only insignificant overhead, as if the responsible existing policies must change”. “The solution to the problem is however openly” so Kron, “we need to remember only that the Bundesamt fur Sicherheit in der Informationstechnik (BSI) has this know-how and emits it in the form of”Building blocks”and”Measures”to the person in charge. We only need to know which of the two elements, the policies should be created and secondly, what policies are necessary. To this question an overview has created Crown soft now, which enumerates the minimum of necessary policies and to each policy indicates what BSI modules and what BSI measures for the required policy may be used.” Kron gives us the publication and the following overview of necessary policies and thinks: “Opus i paper B2. 002, the available to our customers” stands, the BSI building blocks and BSI measures are put together – to any policy it has now, he can put together relatively quickly and easily the content to the policies from the demands of building blocks and measures”..