Elaborating documents
Assign topic to the user
Answer:
ISO 27001 does not prescribe how documents should be developed, so you can chose the approach that best fits your needs.
The main criteria to decide to merge documents or not are if they have similar purposes and if by merging them they would not become a document too big to understand or read. So, in this case, if your single document does not become to big to use and manage it may be best to merge them, so you have one less document to manage in your ISMS.
These articles will provide you further explanation about developing policies:
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
Comment as guest or Sign in
May 25, 2019