Guest
Information Security Policy or ISMS Policy?
The main global policy for Information Security. Is it to be called Information Security Policy or ISMS Policy? Got that doubt cause its referenced both ways in different documents.
Assign topic to the user
Answer:
ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however the old 2005 revision of ISO 27001 called this document "ISMS Policy".
See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016