Objectives documentation requirements

Guest user Created:   Apr 08, 2020 Last commented:   Apr 08, 2020

In an ISMS project, should there be a separate document for High-Level Info Sec Objectives and another for Low-Level Objectives? High-level in the Information Security Context, Requirements and Scope document and low-level in the ISMS Policy document?

Expert
Rhand Leal Apr 08, 2020

ISO 27001 does not prescribe how to document information security objectives, so both ways you proposed are acceptable.

What normally happens in ISO 27001 implementation projects is that High-Level Info Sec Objectives are documented in the Information Security Policy and other security objectives are documented in the Statement of Applicability document.

To see what these documents look like, please access these links:
- https://advisera.com/27001academy/documentation/information-security-policy/
- https://advisera.com/27001academy/documentation/statement-of-applicability/

These articles will provide you with further explanation about the Information Security Policy and the Statement of Applicability:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/

 
