ISMS Framework vs IS Policy
What is the difference between ISMS Framework and an Information Security policy?
Which one should come first?
Assign topic to the user
An Information Security Policy is a single top-level document, whereas an ISMS has several documents, each of which focuses on one area.
To see how an Information Security Policy looks like, see the demo in this link: https://advisera.com/27001academy/documentation/information-security-policy/
Regarding which one comes first, the Information security policy is one of the first documents to write for ISMS, helping defining all other documents.
These articles will provide you a further explanation about ISO 27001 and Information Security Policy:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
These materials will also help you regarding ISO 27001:
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Sep 16, 2020