Company records
Why is it not best practice to classify all company records as confidential?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Please note that the higher the classification level of information, the greater will be the effort and resources required to protect it, and most probably not all your information will have the same level of importance/value to your organization.
Considering that, if you classify all your information as confidential you will be wasting resources and effort (you should be allocating fewer resources to less important information).
Additionally, some records are public by default - e.g. an inventory of the products that are sold over the website - so it makes no sense to classify such records as confidential.
This article will provide you a further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Comment as guest or Sign in
Apr 29, 2020