Expert Advice Community

Home / ISO 27001 & 22301 / ISMS Policy vs Information Security Policy

Guest

ISMS Policy vs Information Security Policy

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Apr 22, 2022 Last commented:   Apr 22, 2022

ISMS Policy vs Information Security Policy

ISO 27001 & 22301
Are the ISMS Policy vs Information Security Policy the same or different polices?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Apr 22, 2022

These are the same policies.

This confusion comes because ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however, the old 2005 revision of ISO 27001 called this document "ISMS Policy".

See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/

Quote
0 1
Guest
Ray Crago Apr 22, 2022

Thank you!

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 22, 2022

Apr 22, 2022

Suggested Topics
Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

“Information Security Policy” or “ISMS Policy”?
Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 7
0 0

Narrow ISMS scope and an Information Security policy for the whole organization
Ash Created:   Jan 21, 2024 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Internal Audits