Guest user Created: Oct 19, 2016 Last commented: Oct 19, 2016

ISO 27001 interpretation of A.8.2.1

I'm in possession of the iso standard document, and I see the annex with the description of each clause but, is it the purpose that we'd for instance (see A.8.2.1 control if the information is classified in terms of legal requirements, value, critical and sensitivity to unauthorized disclosure or modification or how should I interpret it.

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Oct 19, 2016

Answer:

I'm not sure if I understood your question correctly, but ISO 27001 allows you to classify your information in any aspect you see fit for your company. Most companies classify their information in terms of confidentiality (i.e. how secret it is), and some companies classify their information in terms of availability (i.e. how quickly they need to get it).

See also this article: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 18, 2016

Expert Advice Community