Information classification

Guest user Created:   Feb 08, 2018 Last commented:   Feb 08, 2018

I am currently working with a Civil Marine construction company that has a limited IT infrastructure, mostly looking after the ERP and a few business applications. The company doesn't have a formal InfoSec section / role within the organization ... Here, I have a few queries in this regard:
Expert
Rhand Leal Feb 08, 2018

1. ISO 27001 - Section 8.2 - Information Classification

It says that "Information should be classified in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification."

My question is: who should develop the "Information Classification Matrix"? IT itself or the management? Please note that there is no separate Risk Management section either ...

Answer: The role best suited to develop the Information Classification Matrix is the information owner, the person who best knows the value of the information. Generally it is the process owner (the one accountable for the results of the process) or the process key user (the one who best knows how the process operates).

This article will provide you with further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

2. My second question is: how to evaluate whether a company needs to go for ISO 27001 or not? Competitive advantage is one reason, but what other criteria should a company analyze to see why it needs to go for ISO 27001?

Answer: Besides competitive advantage, a company may decide to go for ISO 27001 certification because it has a contract or other legal requirement (e.g., law or regulation) that demands this certification, or it identifies that by adopting ISO 27001 practices it can reduce losses and make the business more profitable.

These articles will provide you with further explanation about ISO 27001 benefits:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 benefits: How to obtain management support [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/

These materials will also help you regarding information classification and ISO 27001 benefits:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
