A policy statement is a short version of a policy, often used for general public display. Some policies, like the Information Security Policy, have several pages, and for ease of understanding by the general public, a one-page version is developed, covering the main aspects an organization wants to highlight. A policy statement needs to have a disclaimer informing that it is not the full version of the policy, where the full version can be found, and that this version does not deviate from the content of the full version.
We do not recommend the use of a policy statement as an ISMS policy document, because there is a risk that a one-page document does not fulfill the standard's requirements.
This article will provide you with a further explanation about the Information Security Policy:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
These materials will also help you regarding the Information Security Policy:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 17, 2020