ISO 27001 rules to consider for usage of documents

Guest user. Created: Dec 08, 2020. Last commented: Dec 08, 2020.

Has ISO 27001 given any recommendations or rules to be respected on usage of documents based on their level of classification? For example: is a document classified confidential permitted to be saved on public cloud, and on which conditions?

Expert
Rhand Leal Dec 08, 2020

ISO 27001 does not prescribe how to handle information according to its classification level. Such treatment must be based on the results of risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts). For example, if the risks related to keeping confidential information on the public cloud are unacceptable, then one rule to be defined is that confidential documents must not be kept on the public cloud. Another example is that a contractual clause may define that confidential documents must be kept on local servers.

To see what rules for handling information compliant with ISO 27001 look like, please see the free demo of our Information Classification Policy template at this link: https://advisera.com/27001academy/documentation/information-classification-policy/

This article will provide you with a further explanation about information classification:

These materials will also help you regarding information classification and handling:
