Expert Advice Community

Guest

Information with different classifications

  Quote
Guest
Guest user Created:   May 09, 2017 Last commented:   May 09, 2017

Information with different classifications

I'm doing policy review for ISO 27k . I'd like to know, is it wrong to relate the policy statement with related SOP and both documents are not having the same classification
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 09, 2017
There will be no problem as long as you ensure all that people who needs to access both, the policy and the related SOP can do that, and they are aware on how to handle the information regarding their respective classification. You should note that ISO 27001 does not prevent this kind of situation, but can help handle related risks.
This article will provide you further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
These materials will also help you regarding information classification:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 09, 2017

May 09, 2017

Suggested Topics