Guest
Are we allowed to change ISMS policies on our own?
We want to make some changes to our policy before our first surveillance audit. We have the ISO 27001 certificate now. Can we simply change the policy on our own without informing anyone?
Expert
Rhand Leal
Jul 14, 2020
You can change ISMS policies anytime you identify the need to, but you need to evaluate who will be impacted by the changes, and what the impacts will be, to decide who needs to be informed, and what is the information to be communicated. For example:
- a change in the Information Security Policy needs to be communicated to all personnel
- a change in a Backup Policy, regarding the change in technology, may need to be communicated only to IT personnel
- a change in a Supplier Management Policy may need to be communicated to the organization's suppliers