Documenting the information security objectives
Assign topic to the user
Answer:
ISO 27001 is pretty flexible when it comes to documenting your security objectives - you can write them in your Information Security Policy, in the Statement of Applicability, or in some separate document.
When using our ISO 27001 Documentation Toolkit, you can document the general ISMS objectives in the Information Security Policy, and specific objectives for controls (or groups of controls) in the Statement of Applicability.
This article will also help you: ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
In this free online training you'll find detailed guidance on setting the objectives: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 02, 2016