Expert Advice Community

Home / ISO 27001 & 22301 / 10.8.5 Business Information systems

Guest

10.8.5 Business Information systems

ISO 27001 & 22301
  Quote
Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

10.8.5 Business Information systems

ISO 27001 & 22301
I would like to know how to implement the control 10.8.5 Business Information Systems, is there any procedure that we should create, is it about the interconnection (data exchange) between systems? Many Thanks
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
DejanK Jan 12, 2016

Kaoutar,

Control A.10.8.5 "Business Information Systems" existed in the old 2005 revision of ISO 27001 / ISO 27002, it does not exist any more in the 2013 revision of ISO 27001/27002.

All the requirements for transfer of information are now covered in the section A.13.2 called "Information transfer". To cover these requirements, you should prepare a policy which defines basic rules for exchanging the information with third parties, and then sign agreements with them which are compliant with your policy.

For example, see this Information Transfer Policy template: https://advisera.com/27001academy/documentation/information-transfer-policy/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Atheer AlMartan Created:   Apr 24, 2024 ISO 27001 & 22301
Replies: 0
0 0

3.4. Handling classified information
Rooh ullah Created:   Jan 14, 2024 ISO 27001 & 22301
Replies: 1
0 0

Business continuity plan, RTO and MTPD
ISO Created:   Dec 26, 2023 ISO 27001 & 22301
Replies: 1
0 0

Information Security Goals