Expert Advice Community

Guest

Information Classification Policy - “labeling” of information

  Quote
Guest
Guest user Created:   Jan 13, 2021 Last commented:   Jan 13, 2021

Information Classification Policy - “labeling” of information

I am going through the documentation and have a question regarding the Information Classification Policy.

More precisely regarding “labeling” of information. I would like to stick as close as possible to the default document.

However, as a B2B communication agency almost all information we manage (and that is a lot) can be classified as “Internal use”.

Is it ok to specify that all “(unlabeled)” or “INTERNAL” labeled information is to be considered “internal use”?

So that we can avoid needing to label just about everything with the same label.

Could can an alternative be to use “(unlabled)” for “internal use” and “public” for “public” assets?

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 13, 2021

ISO 27001 does not prescribe how to define information labeling, so your proposed scheme is acceptable by the standard (i.e., keep “Internal use” information unlabeled, and label public information as public).  

These articles will provide you a further explanation about information classification:

These materials will also help you regarding information classification:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2021

Jan 13, 2021