Information and Cloud security policies
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: Information security policy is related to a top management definition of what it wants to achieve with information security in a broader sense, providing the framework for managing the ISMS, while the cloud security policy narrows the focus, considering the definition of what it wants the ISMS to achieve with information security in cloud environments. In terms of implementation, you can have the Cloud Security Policy as a section in the Information Security Policy or as a completely separated document.
This article will provide you further explanation about Information and Cloud security:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- What should you write in your Informati on Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
Comment as guest or Sign in
Feb 16, 2017