Guest
Information labelling
In the Information Classification Policy under the Information Labeling section there is a statement that one should display the confidentiality level in applications and databases on the system access screen. We are having a hard time putting this into practice for let's say a database being accessed through a 3rd party tool like pgadmin or other 3rd party software where we do not control the appearance.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Oct 28, 2017
Answer: This statement is only a recommendation. ISO 27001 control A.8.2.2 (Labeling of information) does not define any form of labeling, only that a labeling procedure must be defined and implemented (if the control is considered applicable). How to label information is an organization's decision. In cases where the implementation of labeling is not feasible, or it will require much effort or resources, an organization can define that labeling will not be applicable.
This article will provide you further explanation about informat ion handling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Comment as guest or Sign in
Oct 28, 2017
Oct 28, 2017
Oct 28, 2017