ISO27001 in a General Information Security Policy

Guest user Created:   Nov 26, 2020 Last commented:   Nov 26, 2020

Must we mention ISO27001 in a General Information Security Policy? How?

Expert
Rhand Leal Nov 26, 2020

I'm assuming by your statement that your organization is not ISO 27001 certified.

Considering that, you only need to mention ISO 27001 in a General Information Security Policy in case you want to point out that the policy complies with the standard's requirements. The best way to mention the standard is in the section or part of the policy where you mention the references you used to develop the policy.

In case you do not have this need, you do not need to mention ISO 27001 in your policy. To see what an Information Security Policy compliant with ISO 27001 looks like, access the demo of this template at this link: https://advisera.com/27001academy/documentation/information-security-policy/

For further information, see:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
