Policy statement
Answer:
First, it is important to understand that these policies are different because they have very different audiences. ISO 27001 policy is to be used by top management, while ISO 9001 policy is for public display. We do not recommend trying to shorten the ISMS policy to a one-page document because there is a risk that the document does not fulfill the standard's requirements.
You can develop a public display version of the ISMS policy to fulfill your needs, but this version has to have a disclaimer stating that it is not the full version of the ISMS policy, where the full version can be found, and that this version does not deviate from the content of the full version.
Considering all this, to create a version of the ISMS policy statement in the same format as the Quality policy, as general guidance you should change the references from ISO 9001 to ISO 27001, because most of the requirements are the same. For example:
- in the first paragraph you should have something like this: "The basic orientation of [organization's name] [include here the objectives defined in section 4.1 of the ISMS policy]"
- in the bullet related to commitment you should have something like this: "Commitment to protect information from [processes/services described in the ISMS scope document]"
Mar 07, 2019