Expert Advice Community

Are we allowed to change ISMS policies on our own

Guest user Created:   Jul 14, 2020 Last commented:   Jul 14, 2020

We want to make some changes to our policy before our first surveillance audit. We have the ISO 27001 certificate now. Can we simply change the policy on our own without informing anyone?
Are we allowed to change ISMS policies on our own?

Expert
Rhand Leal Jul 14, 2020

You can change ISMS policies anytime you identify the need to, but you need to evaluate who will be impacted by the changes, and what the impacts will be, to decide who needs to be informed, and what is the information to be communicated. For example:

  • a change in the Information Security Policy needs to be communicated to all personnel
  • a change in a Backup Policy, regarding the change in technology, may need to be communicated only to IT personnel
  • a change in a Supplier Management Policy may need to be communicated to the organization's suppliers