ISO 27001 - Policy for permitted use / Policy for information transfer
Assign topic to the user
The policy for permitted use contains the record of permitted communication channels. The same record I already added to the policy for information transfer. The policy for permitted use refers to the other policy, which contains the record. In my opinion I would be able to delete the record in the policy for permitted use (if it’s already in the policy for information transfer). Is that correct?
Answer: Please note that section 3.6 of the Policy for permitted use (which refers to information transfer) must be kept only if you do not use the Policy for information transfer. In case the Policy for information transfer is a separated document you can delete section 3.6 and this related record from the Policy for permitted use. This way information about information transfer will be only in one document, minimizing risks of conflicting information.
Comment as guest or Sign in
Jul 24, 2019