Do we have to mention ISO 27001 in a General Information Security Policy? How?
I'm assuming by your statement that your organization is not ISO 27001 certified.
Considering that, you only need to mention ISO 27001 in a General Information Security Policy in case you want to point out that the policy complies with the standard's requirements. The best way to mention the standard is in the section or part of the policy where you list the references you used to develop the policy.
In case you do not have this need, you do not need to mention ISO 27001 in your policy. To see what an Information Security Policy compliant with ISO 27001 looks like, access the demo of this template at this link: https://advisera.com/27001academy/documentation/information-security-policy/
For further information, see:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 26, 2020