Policy statement

Guest user Created:   Mar 07, 2019 Last commented:   Mar 07, 2019


We have our audit fast approaching, and we would like to have the broadcast ready for our Quality Policy and ISMS Policy. Within 9001 and 27001, we have noticed these two documents have a very different format. 9001 is presented as a 1-page Certificate Format and 27001 is presented as a very detailed 4-page policy that cannot be used for a Certificate Format. Can you please assist here, so our 9001 and 27001 Policy Statements appear uniform and aligned, to be presented framed for our clients?

Expert
Rhand Leal Mar 07, 2019

Answer:

First, it is important to understand that these policies are different because they have very different audiences. The ISO 27001 policy is to be used by top management, while the ISO 9001 policy is for public display. We do not recommend trying to shorten the ISMS policy to a one-page document, because there is a risk that the document does not fulfill the standard's requirements.

You can develop a public display version of the ISMS policy to fulfill your needs, but this version has to have a disclaimer informing that it is not the full version of the ISMS policy, where the full version can be found, and that this version does not deviate from the content of the full version.

Considering all this, to create a version of the ISMS policy statement in the same format as the Quality policy, as general guidance you should change the references from ISO 9001 to ISO 27001, because most of the requirements are the same. For example:

- in the first paragraph you should have something like this: "The basic orientation of [organization's name] [include here the objectives defined in section 4.1 of the ISMS policy]"
- in the bullet related to commitment you should have something like this: "Commitment to protect information from [processes/services described in the ISMS scope document]"
