ISO 27001 & 22301 / ISMS Policy vs Information Security Policy
Please select user.
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
These are the same policies.
This confusion comes because ISO 27001:2013 defines that the top-level policy should be called "Information Security Policy", however, the old 2005 revision of ISO 27001 called this document "ISMS Policy".
See also this article: One Information Security Policy, or several policies? https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
HTML tags are not allowed