Expert Advice Community

Guidance for Information Security Policy

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

ISO 27001 INFORMATION SECURITY POLICY

Define the main rules for information security management.

AntonioS Jan 13, 2016

I was wondering where I can find some guidance with regard to Point A.5 Draft Information Security Policy? Is this an Information Security Charter? We plan to set up an Information Security Steering Committee. Should this be included here as well, or is a separate document better?

Answer:

I am sorry but I am not sure what you mean by “Information Security Charter”, but at the highest level, organizations should define an "Information security policy" which is approved by top management and which sets out the organization’s approach to managing its information security objectives, main responsibilities, etc. Separate from this top-level policy, companies usually develop detailed policies (like Backup policy, Access control policy, etc.).

ISO 27001 does not require an Information Security Steering Committee, and smaller companies typically do not have such a body - if you decide to set up such a body, it can be defined in the Information security policy.

For more information about the Information Security Policy, please read this article “One Information Security Policy, or several policies?”: https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

This article may also be interesting for you, “Information security policy – how detailed should it be?”: https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/