General Information Security Policy
Previously, with ISO 27001:2005, I used the General Information Security Policy, defined the scope right there, and assembled it into a policy manual, keeping the security policy separate. Now I see that an ISMS scope has to be produced, so what I am unsure about is whether there should be three documents: the General Information Security Policy, the Policy Manual (a whole set), and the ISMS Scope as a separate document.
ISO 27001 (even the previous 2005 version) does not prescribe how to document the Information Security Policy, the ISMS scope, and the other policies you develop, so organizations are free to document them in a single document or in separate documents, whichever best fits their needs.
Regarding policies, our recommendation is to document them as separate documents, because the information security policy is a high-level policy while the other policies are more specific, and developing them as a single document would only create a document that is too big and too complex to read and manage.
These articles will provide you with a further explanation about developing policies:
- Is the ISO 27001 Manual really necessary? https://advisera.com/27001academy/blog/2014/02/03/is-the-iso-27001-manual-really-necessary/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
These materials will also help you regarding developing policies:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 19, 2020