SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

Change management and Change classification

  Quote
Guest
Guest user Created:   Oct 05, 2023 Last commented:   Oct 05, 2023

Change management and Change classification

How do we define what changes need to be regulated by the Change Management and what changes do not?

Can you maybe share a list with examples or criteria you see used?

0 0

Assign topic to the user

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.

Expert
Rhand Leal Oct 05, 2023

I’m assuming that by change management, you are referring to control A.8.32 Change Management.

Considering that, any change involving information, processes, or facilities stated in the ISMS scope needs to be regulated by Change Management. 

For example, if R&D information is included in the ISMS scope, then any change that may impact this information (e.g., a change in an information system that processes R&D data) needs to be controlled by Change Management. 

This article will provide you with further explanation about change management (although the article is about ISO 27001:2013 control for change management, the concepts are the same for the ISO 27001:2022 control).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 05, 2023

Oct 05, 2023