Guest user Created: May 25, 2019 Last commented: May 25, 2019

Elaborating documents

I have a question about the ISMS scope and the Information Security Policy documents. Can those 2 documents be joined in one? Because we are a small company and all departments will be included in the scope.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal May 25, 2019

Answer:

ISO 27001 does not prescribe how documents should be developed, so you can chose the approach that best fits your needs.

The main criteria to decide to merge documents or not are if they have similar purposes and if by merging them they would not become a document too big to understand or read. So, in this case, if your single document does not become to big to use and manage it may be best to merge them, so you have one less document to manage in your ISMS.

These articles will provide you further explanation about developing policies:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 25, 2019

Expert Advice Community