Information security policy communication
Assign topic to the user
Answer: In terms of communication, the standard only requires that the information security policy must be communicated within the organization, and that it is available to interested parties, as appropriate. So, the organization is free to decide how to do this, and having a signed copy posted in the office is only one alternative. The organization can define the policy shall be available on the organization's web site, on banners in the corridors, to be communicated periodically in email newsletters, or that is available on the internal Document Management System. There is no mandatory way an organization should follow.
These materials will also help you regarding Information security policy communication:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Co urse https://advisera.com/training/iso-27001-foundations-course/
Regarding Document Management System, I suggest you to see Conformio, our ISO online tool, so you can see an example on how to make the Information Security Policy available, as well as to konw other resources that can help you implement and manage an ISO 27001 ISMS. The link to Conformio is https://advisera.com/conformio/
Comment as guest or Sign in
Mar 09, 2017