Contradictions between Toolkits and video tutorials
We are confused and ask for your clarification regarding a contradiction we found between ISO 27000 video tutorial 103: ISMS Policy and the Integrated ISO 27000/EU GDPR Toolkit.
The video tutorial is focused on the Information Security Management System Policy implementation based on a document template from the Toolkit. However, in the Integrated ISO 27000/EU GDPR Toolkit there is a document named Information Security Policy Integrated whose content differs from that shown in the tutorial. The ISMS Policy template is missing in Conformio too.
There is no video tutorial available for Information Security Policy implementation.
Are those policies different? Please be so kind as to clarify the content contradiction between those two sources.
Please note that ISO 27001:2013 defines the top-level policy as the "Information Security Policy"; however, the old 2005 revision of ISO 27001 called this document the "ISMS Policy".
So, the ISMS Policy and the Information Security Policy are the same document.
Regarding the elements of GDPR included in this Information Security Policy, they do not require customization, so a video tutorial with specific GDPR content for filling in the Integrated ISO 27001 & GDPR Information Security Policy is not required. In case you find any differences between the templates and the video tutorials, please consider the template as the most up-to-date version.
For more information, see:
- Information security policy - how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
May 03, 2021