0

Your Cart is Empty

FAQ

MorganHill is one of the world’s leading ISO/IEC 27001, ISO 14001, ISO 9001, ISO 45001, ISO 22301, and ISO 27701 advisory and consulting firms offering a wide-range of ISO/IEC services and solutions to organization all across the globe.

MorganHill was born with a simple goal in mind. Help organizations all around with their ISO/IEC 27001, ISO 14001, ISO 9001, ISO 45001, ISO 22301, and ISO 27701 journey by offering the very best advisory services and solutions, along with industry leading documentation.

Unlike many other ISO/IEC ISMS templates that are nothing more than a copy and paste of the actual ISO/IEC 27002 controls, our ISMS templates have been developed by subject matter experts at MorganHill with years of experience in the broader field of information security, cybersecurity, data privacy, regulatory compliance, corporate governance, and other related areas. Specifically, we have developed, then documented within our ISMS templates, what we deem to be industry accepted best practices for each of the applicable referenced ISO/IEC 27002:2022 controls.

As such, we do not copy the prescriptive language stated within any of the past or current published applicable ISO/IEC standards and repurpose it in our ISMS documents, rather, we apply our own intellectual property copyright methodologies regarding the appropriate security policies, procedures, processes - and best practices - that an organization should implement.

ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection — Information security controls, provides a reference set of generic information security controls including implementation guidance to be used by organizations" a) within the context of an information security management system (ISMS) based on ISO/IEC27001; b) for implementing information security controls based on internationally recognized best practices; c) for developing organization-specific information security management guidelines.

Annex A of ISO/IEC 27002:2022 is a list of all controls for which an organization can potentially apply regarding the development and implementation of an Information Security Management System (ISMS). ISO/IEC 27002:2022 contains 93 controls, down from the 114 controls found in ISO/IEC 27002:2013.

Because we saw a real need to create industry leading security and privacy documentation that could meet and/or exceed the stated suggested controls as noted within the Annex A controls of ISO/IEC 27002. As we state many times throughout our website, we do simply NOT copy the prescriptive language stated within any of the past or current published applicable ISO/IEC standards and repurpose it in our ISMS documents, rather, we apply our own intellectual property copyright methodologies regarding the appropriate security policies, procedures, processes - and best practices - that an organization should implement.

Currently, all of our ISMS documents are developed in accordance with ISO/IEC 27001:2022 and ISO/IEC 27002:2022.

Yes, we do. A large number of our clients request policy writing services for helping create customized ISMS documents. Along with writing ISMS policies and procedures, we also offer services for developing your Statement of Applicability (SoA), Internal Audit Program, and much more.

We have years of experience working with the ISO/IEC 27000 standards, and as such, our ISMS documents reflect our expertise and knowledge to the fullest extent possible.

Yes, our ISMS documents provide much more than just policies and procedures. For example, we offer an incredibly comprehensive Security Incident Management and Response Program, a Third-Party Due-Diligence & Vendor Management Program, and many other similar, high-quality documents. Along with writing ISMS policies and procedures, we also offer services for developing your Statement of Applicability (SoA), Internal Audit Program, and much more.