Information security policies

Guest user Created:   Aug 03, 2018 Last commented:   Aug 03, 2018

I have a question regarding the Acceptable Use Policy vs. all of the smaller documents (BYOD, teleworking, cryptographic controls, password policy).

Expert
Rhand Leal Aug 03, 2018

Do I understand correctly that for a smaller company (~30) it is sufficient to have one detailed document in the form of the Acceptable Use Policy, and then it is no longer necessary to fill out all the smaller ones mentioned above? Or do you need both? I feel like they are somewhat redundant.

Thank you very much. Looking forward to your answer to move on quickly.

Answer: Your understanding is correct. If a single Use Acceptance Policy can fulfil your needs, you do not need to develop other policies.

These articles will provide you with further explanation about policy development:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
