Guest user Created: May 09, 2017 Last commented: May 09, 2017

Information with different classifications

I'm doing policy review for ISO 27k . I'd like to know, is it wrong to relate the policy statement with related SOP and both documents are not having the same classification

0 0

Assign topic to the user

Select user

Expert

Rhand Leal May 09, 2017

There will be no problem as long as you ensure all that people who needs to access both, the policy and the related SOP can do that, and they are aware on how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.

This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

These materials will also help you regarding information classification:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 09, 2017

Expert Advice Community