Expert Advice Community

Documenting the information security objectives

Guest user Created:   Aug 03, 2016 Last commented:   Aug 03, 2016

Our auditor asked for some documentation to check. This includes the documentation on information security objectives. As I understand it, this is included in the information security policy. Is this correct or do we need an extra document on this?
Expert
Dejan Kosutic Aug 03, 2016

Answer:

ISO 27001 is pretty flexible when it comes to documenting your security objectives - you can write them in your Information Security Policy, in the Statement of Applicability, or in some separate document.

When using our ISO 27001 Documentation Toolkit, you can document the general ISMS objectives in the Information Security Policy, and specific objectives for controls (or groups of controls) in the Statement of Applicability.

This article will also help you: ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

In this free online training you'll find detailed guidance on setting the objectives: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
