Assign topic to the user
The need to consider Information security in project management separately will depend on the results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts).
For example, some projects may require the implementation of technologies not used in your organization at large, so it would not make sense to write a corporate policy. Other projects, by force of contracts, may require that all information security is under project context. In case these situations do not occur, then you can make projects refer to the corporate documents
For additional information, see:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/blog/2015/07/06/how-to-manage-security-in-project-management-according-to-iso-27001-a-6-1-5/
Comment as guest or Sign in
Nov 18, 2020