Are confidentiality level and change history mandatory in all documents?
Assign topic to the user
Answer:
The answer for those 2 elements is different:
1) If you have published the Classification policy, then you have to comply with your own policy - if in that policy you have defined that confidentiality level needs to be written in all of your documents, then you have to do so. If you didn't develop such policy, then there is no requirement in the standard to write the confidentiality level in all documents.
2) Regarding change history, ISO 27001 requires you to have this (or something similar) in your ISMS documentation. However, if you find this useful, then you can apply it to all the other documents as well.
Comment as guest or Sign in
Apr 07, 2016