Guest
Change the top-level policy
hi
In 12 steps to transmission to new version of standard in step4: Change the top-level policy , Do we necessarily have to change ISMS policy to information security policy? or Can We not change this policy ?
thanks
Assign topic to the user
Our white paper "Twelve-step transition process from ISO 27001:2005 to 2013 revision" suggests you can change the title of the policy if you wish, but this is not necessary; also if you wish you can also delete some items from the policy because they are not needed any more. However, if your ISMS Policy is compliant with ISO 27001:2005, you can leave it as it is and it will be compliant with ISO 27001:2013 as well.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016