Guest
Information security policy vs. Acceptable use policy
What is the big difference between the Information Security Policy and the Acceptable Use Policy?
ISO 27001 is not very clear when it comes to this question. However, best practice is the following: the Information security policy should be a short top-level document that describes the general approach of a company towards information security; the Acceptable use policy should be a longer document describing all the security rules that are applicable to all employees.
These articles will also help you:
Information security policy how detailed should it be? https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/
How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/
Jan 12, 2016