Expert Advice Community

Home / ISO 27001 & 22301 / Consolidating policies

Guest

Consolidating policies

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 10, 2019 Last commented:   Jan 10, 2019

Consolidating policies

ISO 27001 & 22301
I have consolidated these documents “ ISMS policy – IT Security policy – access control policy- Secure Development policy” into one document that is right?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Jan 10, 2019

Answer:

Although ISO 27001 allows merging documents, the ISMS Policy is a high level document (to be used for all organization), while the remaining policies you mentioned are considered operational policies (to be used by specific areas or processes), so in this case we advise not to integrate them in a single document, because this document would become unnecessarily big and difficult to read and manage.

These articles will provide you further explanation about developing policies:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 10, 2019

Jan 10, 2019

Suggested Topics
Evelin Created:   Jun 04, 2024 ISO 27001 & 22301
Replies: 1
0 0

What do we do when our existing policies do not match Conformio's policies?
Henrik Created:   Sep 29, 2023 ISO 27001 & 22301
Replies: 1
0 0

Apply procedure for document and record control only to information security policies in Conformio?
Guest user Created:   Aug 03, 2022 ISO 27001 & 22301
Replies: 1
0 0

Policies details