
IT Security Policy

Guest user. Created: Feb 19, 2021. Last commented: Feb 19, 2021.


I have been tasked to produce an IT Security Policy as our current one is outdated. I am currently considering approaching this policy in two parts: Information Security and Information Technology Security.

Since they’re both intertwined because of the CIA of information and related security controls (information, assets, physical security, networks, collaboration tools, online sharing, cyberspace, etc.), is it worth separating them, or is one policy encompassing both sufficient and valuable from an audit standpoint?

The policy is driven by *** which includes 8 pillar requirements as far as security controls go.

So, I just need a few tips and some guidance to build an up-to-date policy reflective of new policy requirements based on new operational trends driven by new technologies and services (PaaS, SaaS, CaaS, to name a few). Also, such a policy must be simple enough to optimize comprehension and adherence from Senior Management. Our organization is not looking to implement a framework on its own.


Expert
Rhand Leal Feb 19, 2021

ISO 27001 does not prescribe how to write a document, so both approaches (to have two documents or a single one) are acceptable by the standard.

In this case, your decision should be based on how big and complex a single document would be because this can make it more difficult for people to read, understand, and use it properly.

To see what an Information Security Policy and an Information Technology Security Policy compliant with ISO 27001 look like, please access the free demo of these templates:

These articles will provide you with further explanation about how to develop documents:

These materials will also help you regarding ISO 27001:
