Best Practices for Writing Policies and Procedures

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/87/0f/75/870f7548-48c8-4c94-3aeb-121ad269486a/mza_11818424611668538939.jpg/600x600bb.jpg

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Dejan Kosutic

21 episodes

6 days ago

“Secure & Simple” demystifies governance and compliance challenges faced by consultants, as well as professionals acting as fractional CISOs in companies. The podcast is hosted by Dejan Kosutic, an expert in cybersecurity governance, ISO 27001, NIS2, and DORA. The episodes present topics in an easy-to-understand way and provide you with insight you won’t be able to find elsewhere. To provide comments, suggest topics for the next episodes, or express your interest in participating in the show, contact us at podcast@advisera.com. Learn more about ISO 27001, NIS2, and DORA at https://advisera.com.

All content for Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance is the property of Dejan Kosutic and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Management

Technology,

Business

Best Practices for Writing Policies and Procedures | Interview with Carlos Cruz

Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

1 hour 23 minutes

3 months ago

Best Practices for Writing Policies and Procedures | Interview with Carlos Cruz

In this episode of the Secure and Simple Podcast, host Dejan Kosutic interviews Carlos Cruz, founder of Metanoia Consulting in Portugal. They discuss essential best practices for creating and managing policies, procedures, plans, and other documents for compliance with ISO standards and cybersecurity regulations. Carlos shares insights on the distinction between procedures and work instructions, the importance of writing clear and concise documents, and the challenges of getting employees to adopt new procedures. They also cover the importance of templates, techniques for ensuring documents reflect current practices, and strategies for addressing resistance to new documents. This episode is a must-watch for consultants, CISOs, and other cybersecurity professionals looking to streamline their documentation process.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Carlos Cruz
(01:55) - Types of Documents: Policies, Procedures, and Work Instructions
(11:51) - The Importance of Short and Focused Documents
(21:46) - Structuring Documents for Clarity and Compliance
(33:34) - Adapting Documents to Client Needs
(39:31) - The Importance of Templates for Writing Documents
(43:58) - Deciding What to Document
(45:50) - The Roles in Document Creation
(01:15:04) - Common Mistakes in Document Writing
(01:21:39) - Resources for Consultants