Guest user Created: Aug 16, 2018 Last commented: Aug 16, 2018

Information labeling

I have a question about the information classification policy. What is it that needs to be labeled when talking about information labeling? Is this going to be all documents within the organization, electronic and other forms, that need to be labeled according to this policy? Or is it just the documents about the ISMS? It would be tough to go through every document and label it as such.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Aug 16, 2018

Answer: Very often, for efficiency reasons, only information classified as high sensitive is labelled (ISO 27001 is not prescriptive about which information to label, so this is an organization decision), and in such scenarios information that is not highly sensitive is not labelled.

Regarding what you need to label, you must include all documents within the ISMS scope, i.e., the information you want to protect and documents related to the isms, regardless of the media it uses (if the same high sensitive information is on electronic and physical media, both media must be labelled).

This article will provide more information:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 16, 2018

Expert Advice Community