Document labeling
Assign topic to the user
Answer: No, ISO 27001 does not have such requirement - it allows you to decide whether you need labeling at all, and if you do decide to have labels, you can put them in any place that you want - on all pages, only on one page, anywhere on the page.
These articles will help you:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Dejan, thank you for your answer.
#Ref ISO 27002:2013 - A.8.1.2 a) Ensure that assets are appropriately classified and protected;
#Ref ISO 27002:2013 - A.8.2.1 Classification of information - "Each level should be given a name that makes sense in the context of the classification scheme’s application."
How can we interpret above 2 statement i.e. Appropriately classified ?
Also, Let's say my front page of the document is labeled with a confidential tag. If I want to take a print of confidential document consist of 10 pages. So
1) Remaining 9 page will be considered as an uncontrolled copy(pages) ? because there is no classification evident on remaining 9 pages.
2)What if I am physically transporting confidential document via the postal service or via courier?
Ashish
Appropriately classified - this means that you have to make sure you classify your asset correctly, in the right classification level.
For printed documents, it is certainly better if you mark each page with classification level; however for some other assets (e.g. software), you can simply insert the classification level at the login screen, or in the header of the application.
For transporting classified document, you should write the classification level on the envelope.
So basically it's better to have classification level mentioned on each page.
Comment as guest or Sign in
Sep 27, 2016