Clause 7.4 Communication Register
Dear Team - how can we generate a communication register for the 7.4 clause? We were asked for Communication Register.
Assign topic to the user
First is important to note that we do not recommend creating such a register.
Please note that ISO 27001 requires you to define a communication process, although there is no requirement that such a process must be documented.
Considering that, communication is an activity that is performed by many processes in information security according to ISO 27001, with different purposes. So, to have a centralized communication procedure would create an overhead for people responsible for communication with activities that may not be a part of their regular tasks.
That’s the reason there isn’t a specific template for clause 7.4.
The main documents in Conformio that define how communication needs to be done are:
- the Information Security Policy
- the Training Module
- the Incident Management Procedure
- the Disaster Recovery Plan
Additionally, most of the communication an organization performs is already registered through emails, Slack messages, etc. - so those can act as “registers”.
If you do want to create a separate Communication plan, then this article will provide you with further explanation about communication plan:
- How to create a Communication Plan according to ISO 27001 https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/
Comment as guest or Sign in
Jun 06, 2023