Guest user Created: Oct 27, 2017 Last commented: Oct 27, 2017

Information security policy content

We have comprehensive information security guideline ,well if this is sufficient for ISO 27001 mandatory document or do we need to have separate information security policy? can our information security guideline is enough for showing it as information security policy?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 27, 2017

Answer: In terms of mandatory documentation, ISO 27001 requires two types of policies:
- The Information Security Policy referred in clause 5.2 (Policy)
- Information Security policies related to controls from ISO 27001 Annex A if there are risks which would require their implementation (e.g., Access control policy, required by clause A.9.1.1)

For more information about ISO 27001 mandatory documentation, please see this article: List of mandatory documents required by ISO 27001 (2013 revision).

These materials will also help you regarding information security policies:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera .com/books/secure-simple-a-small-business-guide-toimplementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 27, 2017

Expert Advice Community