Information classification policy
Assign topic to the user
Answer:
ISO 27001 does not prescribe which categories to implement, so organizations are free to define the ones that best suit their needs, and these can either be based on legal requirements the organization must comply with (e.g., laws or regulations which define or recommend lists of categories), based on a framework developed by the organization itself, or based on market best practices. Examples of classification levels are:
- Secret and Top secret
- Unclassified
- Non sensitive
For further information about information classification, see: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
To see how an Information Classification Policy looks like, I suggest you to take a look at the free demos of our Information C lassification Policy at this link: https://advisera.com/27001academy/documentation/information-classification-policy/
Comment as guest or Sign in
Jun 06, 2019