What is the difference between ISMS Framework and an Information Security policy?
Which one should come first?
An Information Security Policy is a single top-level document, whereas an ISMS has several documents, each of which focuses on one area.
To see what an Information Security Policy looks like, see the demo in this link: https://advisera.com/27001academy/documentation/information-security-policy/
Regarding which one comes first, the Information Security Policy is one of the first documents to write for an ISMS, helping to define all other documents.
These articles will provide you with further explanation about ISO 27001 and the Information Security Policy:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
These materials will also help you regarding ISO 27001:
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Sep 16, 2020