Confidentiality levels
ISMS Scope Document: Public (as customers might have to know for what you are certified)?
Information Security Policy: Public
Inventory of Assets: Restricted
Security Procedures for IT Department: Internal
IT Security Policy: Internal
Password Policy: Internal
Access Control Policy: Internal
Mobile Device & Teleworking Policy: Internal
Bring Your Own Device Policy: Internal
Incident management procedure: Internal
Statement of Acceptance of ISMS Documents: Internal
NDA for Suppliers: Restricted
NDA for Employees: Restricted
Security Clauses for Suppliers and Partners: Internal
Information Classification Policy: Internal
Competence (document describing what your profile and responsibilities must be as a potential employee): Public
Internal Audit Report: Internal
Internal Audit Checklist: Internal
Training and Awareness Plan: Internal
Results of access rights review: Internal
Results of the management review / Management Review Minutes: Restricted
Incident Log: Internal
Measurement Report: Internal
Records of monitoring and reviewing suppliers and partners: Internal
Erasure & destruction records: Internal
Records of testing backup copies: Internal
List of Legal, Regulatory, Contractual and Other Requirements: Internal
Corrective Action Form: Restricted
Answer:
The confidentiality level of a particular document is directly related to the potential damage if such a document leaks to unauthorized persons. Therefore, I cannot provide you with concrete feedback because I do not know what your risk assessment results are.
For example, if the NDA for suppliers contains no sensitive information, then it could be classified as Public, but if it contains highly sensitive information, then it should be classified as Restricted.
See also this article: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
May 09, 2019