Information labeling
Assign topic to the user
Answer: Very often, for efficiency reasons, only information classified as high sensitive is labelled (ISO 27001 is not prescriptive about which information to label, so this is an organization decision), and in such scenarios information that is not highly sensitive is not labelled.
Regarding what you need to label, you must include all documents within the ISMS scope, i.e., the information you want to protect and documents related to the isms, regardless of the media it uses (if the same high sensitive information is on electronic and physical media, both media must be labelled).
This article will provide more information:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Comment as guest or Sign in
Aug 16, 2018