09.04 BYOD Policy and 09.01 IT Security Policy
Is there a reason to keep the 09.04 BYOD policy separate to the 09.01 IT Security Policy?
Or can we just include it there (in 09.01) like for example we do with 09.02 Clear Desk policy?
Assign topic to the user
The BYOD Policy and the IT Security Policy were developed as separate documents to avoid making the IT Security Policy a bigger and more complex document to read and manage, but you can merge the two documents if you want to (ISO 27001 does not require policies to be written as separate documents).
For further information, see:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
Comment as guest or Sign in
May 23, 2023