Audit checklist content
Answer:
To verify if this requirement is fulfilled, you have to identify if the organization has clearly defined and implemented actions and roles to communicate relevant information to both the internal and external public. For example, if the organization has defined the process below:
- For the internal public, the HR department is responsible for communicating general information security issues, line managers are responsible for communicating technical information security issues related to the roles of their teams, and Top Management is responsible for communicating information security issues related to process performance and results. These communications will be performed monthly, or sooner if the responsible person considers it necessary;
- For the external public, the PR department is responsible for communicating with media representatives, and the purchasing department is responsible for communicating with suppliers. Information related to information security incidents is to be communicated only by the Public Relations department, after Top Management approval.
It is important to note that a formal Communication plan is not mandatory.
These materials will provide you further explanation about ISO 27001 requirements:
- How to create a Communication Plan according to ISO 27001
- Clause-by-clause explanation of ISO 27001 https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
Oct 20, 2018