Information Security Policy review
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer:
There is no need to elaborate a new version of the Information Security Policy if there is no changes in the ISMS scope, but you also must consider that other changes on internal or external elements that can affect the ISMS can require an Information Security Policy review, like changes on the organizational context, the purpose of the organization or on the information security objectives. One way to verify this need is through management reviews.
These articles will provide you further explanation about inforamtion security policy review:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and -iso-22301/
These materials will also help you regarding:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Comment as guest or Sign in
Nov 11, 2016