What is the confidentiality level for the Business Continuity Policy Document? I have watched the video but am unable to find the answer.
Answer:
I suppose that your question is related to ISO 22301. This standard does not establish a confidentiality level for documents, anyway, you can consider, for example, 3 confidential levels: Confidential (information only for Directors and Top Management), Restricted (information only for Managers, some areas, or some employees) and Internal (information only for internal employees). So, if the Business Continuity Policy must be a document for internal use, and must be seen by all employees, in accordance with my previous example, you can consider it as Internal.
Finally, this article about the classification of information can be interesting for you Information classification according to ISO 27001 : https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/, and also this article "The purpose of Business continuity policy according to ISO 22301 " : https://advisera.com/27001academy/blog/2013/06/04/the-purpose-of-business-continuity-policy-according-to-iso-22301/
Comment as guest or Sign in
Jan 12, 2016