Best practice to communicate
Assign topic to the user
Answer:
The best practice is to develop a Communication Plan, which can define what content to communicate, what messages, who performs the communication, to whom, how (typically through email), etc.
This article can be interesting for you “How to create a Communication Plan according to ISO 27001” : https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/
And also our online course can give you information about the Communication Plan “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
We didn't include the Communication Plan in the ISO 27001 toolkit because it is not a mandatory document, and more importantly we think this document would not be very convenient for smaller or mid-sized companies. The problem is - such central document would be very difficult to maintain, because every change in some policy or a procedure would require this plan to change as well.
Much better approach would be to use the elements from the article my colleague has referred to, and place them in particular documents - e.g. in the policy itself define who is in charge of communication, what has to be communicated and to whom.
Comment as guest or Sign in
May 02, 2016