Expert Advice Community

Guest

“Information Security Policy” or “ISMS Policy”?

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

“Information Security Policy” or “ISMS Policy”?

The main global policy for Information Security. Is it to be called “Information Security Policy” or “ISMS Policy”? Got that doubt cause it’s referenced both ways in different documents.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 12, 2016

Answer:

ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however the old 2005 revision of ISO 27001 called this document "ISMS Policy".

See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

ISO Created:   Dec 26, 2023 ISO 27001 & 22301
Replies: 1
0 0

Information Security Goals

Guest user Created:   Oct 30, 2023 ISO 27001 & 22301
Replies: 1
0 0

Physical Security (A.11)