Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

Information Classification Policy

  Quote
Created:   Mar 09, 2023 Last commented:   Mar 15, 2023

Information Classification Policy

Regarding the Information Classification Policy on infomation labeling, does this need to be applied on historical data as well? eg. stamp "confidential" on all paper documents from 2022 and below

0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

Expert
Rhand Leal Mar 15, 2023

The need for labeling historical data will depend on the results of risk assessment and applicable legal requirements (e.g., laws, regulations, or contracts).

For example, due to relevant risks or a contract with customers, you may need to keep at least the historical data from two previous years classified, so you need to label them according to the related information classification level.

In most cases we see that companies are not classifying documents and records created before the start of the ISO 27001 project.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 09, 2023

Mar 15, 2023