Difference between A.8.1.3 and A.8.2.3
Assign topic to the user
A.8.1.3 is a general control aiming at rules for acceptable use of assets - those rules can range from physical protection of the laptop all the way to password complexity. See a note about the Acceptable Use Policy in this article: How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
A.8.2.3 is a control where you have to describe the protection of your information assets based on classification. The general principle is: the higher the classification level, the more protection you need. See also this article: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Comment as guest or Sign in
Jan 12, 2016