Expert Advice Community

Difference between A.8.1.3 and A.8.2.3

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What is the difference between A.8.1.3 Acceptable use of assets and A.8.2.3 Handling of assets?

DejanK Jan 12, 2016

A.8.1.3 is a general control aiming at rules for acceptable use of assets - those rules can range from physical protection of the laptop all the way to password complexity. See a note about the Acceptable Use Policy in this article: How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

A.8.2.3 is a control where you have to describe the protection of your information assets based on classification. The general principle is: the higher the classification level, the more protection you need. See also this article: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
