left-svg
Bonus expert support worth $500
with the ISO 27001 Documentation Toolkit
Limited-time offer – ends June 30, 2022.
right-svg

Expert Advice Community

Guest

Control A.8.2 Information Classification

  Quote
Guest
Guest user Created:   Jun 17, 2022 Last commented:   Jun 17, 2022

Control A.8.2 Information Classification

As a small business, we are inclined not to implement the following Annex A control Information classification as after the risk assessment, management has taken a decision to accept the risk however, we are also told this is a critical control that some auditors don’t like when that is not implemented therefore as an alternative on that control, we can have all our documents classified as internal and in case we need to provide sensitive information to external parties for example, then we will have a process of approvals and change the classification based on the document complexity?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 17, 2022

 Provided management has accepted the risks that would require implementation of control A.8.2.1 Classification of information, and there is no legal requirement (e.g., law, regulation, or contract) demanding this control to be implemented, this fulfills the standard’s requirements and is ok for certification purposes (the fact that the auditor “likes” this or not is irrelevant).

In case you decide to implement the control, the way you propose is acceptable for certification purposes (i.e., a single classification for all information and a reclassification process for information to be sent to external parties).

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 17, 2022

Jun 17, 2022

Suggested Topics

Guest user Created:   Jun 10, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question about SoA

Guest user Created:   Apr 09, 2022 ISO 27001 & 22301
Replies: 1
0 0

Question about toolkit