Expert Advice Community

Home / ISO 27001 & 22301 / Information security policy vs. Acceptable use policy

Guest

Information security policy vs. Acceptable use policy

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Information security policy vs. Acceptable use policy

ISO 27001 & 22301
What is the big difference between the Information Security Policy and the Acceptable Use Policy?
1 2

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
DejanK Jan 12, 2016

ISO 27001 is not very clear when it comes to this question. However, best practice is the following: Information security policy should be a short top-level document that describes general approach of a company towards information security; Acceptable use policy should be a longer document describing all the security rules that are applicable to all employees.

These articles will also help you:

Information security policy – how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/
How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest post Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

Third Party Providers vs. ISMS Policy conflictions
Guest user Created:   Dec 17, 2022 ISO 27001 & 22301
Replies: 1
0 0

Questions ISO 27001
Guest user Created:   Sep 23, 2021 ISO 27001 & 22301
Replies: 5
0 0

ISO 27001 implementation