Expert Advice Community

Home / ISO 27001 & 22301 / ISMS Policy vs Information Security Policy

Guest

ISMS Policy vs Information Security Policy

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Apr 22, 2022 Last commented:   Apr 22, 2022

ISMS Policy vs Information Security Policy

ISO 27001 & 22301
Are the ISMS Policy vs Information Security Policy the same or different polices?
0 0

Assign topic to the user

ISO 27001 FOUNDATIONS COURSE

Everything you need to know about ISO 27001.

ISO 27001 FOUNDATIONS COURSE

Everything you need to know about ISO 27001.
Expert
Rhand Leal Apr 22, 2022

These are the same policies.

This confusion comes because ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however, the old 2005 revision of ISO 27001 called this document "ISMS Policy".

See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote
0 1
Guest
Ray Crago Apr 22, 2022

Thank you!

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 22, 2022

Apr 22, 2022

Suggested Topics
Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

“Information Security Policy” or “ISMS Policy”?
Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 7
0 0

Narrow ISMS scope and an Information Security policy for the whole organization
Ash Created:   Jan 21, 2024 ISO 27001 & 22301
Replies: 1
0 1

ISO 27001 Internal Audits