Expert Advice Community


Information security policy communication

Guest user, Created: Mar 09, 2017, Last commented: Mar 09, 2017


Are we required to have a signed copy of the information security policy statement posted in the office?

Expert
Rhand Leal Mar 09, 2017

Answer: In terms of communication, the standard only requires that the information security policy must be communicated within the organization, and that it is available to interested parties, as appropriate. So, the organization is free to decide how to do this, and having a signed copy posted in the office is only one alternative. The organization can define that the policy shall be available on the organization's website, on banners in the corridors, communicated periodically in email newsletters, or available on the internal Document Management System. There is no mandatory way an organization should follow.

These materials will also help you regarding Information security policy communication:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Regarding the Document Management System, I suggest you see Conformio, our ISO online tool, so you can see an example of how to make the Information Security Policy available, as well as to know other resources that can help you implement and manage an ISO 27001 ISMS. The link to Conformio is https://advisera.com/conformio/