Information security policy content
Answer: In terms of mandatory documentation, ISO 27001 requires two types of policies:
- The Information Security Policy referred to in clause 5.2 (Policy)
- Information Security policies related to controls from ISO 27001 Annex A if there are risks which would require their implementation (e.g., Access control policy, required by clause A.9.1.1)
For more information about ISO 27001 mandatory documentation, please see this article: List of mandatory documents required by ISO 27001 (2013 revision).
These materials will also help you regarding information security policies:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Oct 27, 2017