Confidentially statement
Assign topic to the user
Please note that the controls related to the Information Classification Policy do not require any documentation to be written, so you can have a Policy for Handling Classified Information implemented only as a set of practices that everyone knows and follows. For example, you can simply define that all your information is classified as restricted and include this information in the Statement of Applicability, as an implementation method, without the need to write a specific policy document.
This article will provide you a further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding information labeling:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Feb 28, 2022