Expert Advice Community

Meaning of information to ISO 27001

Guest user. Created: Nov 03, 2017. Last commented: Nov 03, 2017.

I have an issue with this corrigendum. The term "information" is quite wide and can be interpreted in several ways, which adds to the complexity of implementing this control. It would be interesting to know what guidelines ISO 27002 provides in light of the change.
Question refers to this article: European 2017 Revision of ISO/IEC 27001: What has changed? https://advisera.com/27001academy/blog/2017/10/25/european-2017-revision-of-isoiec-27001-what-has-changed/

Expert
Rhand Leal Nov 03, 2017
The ISO 27002 corrigendum related to the change of control objective A.8.1.1 in ISO 27001 does not add any clarification regarding the meaning of information. It only makes text adjustments regarding the change of control objective. To see this related corrigendum, please access this ISO page: https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:cor:1:v1:en
In fact, the ISO 27001 series does not define the meaning of information, allowing organizations to use the definition considered more appropriate to their context. So, my recommendation to you is that your organization document a definition for information that is adequate to its context and implement its controls according to this definition.