Expert Advice Community

Guest

Policy users

  Quote
Guest
Guest user Created:   Jul 24, 2019 Last commented:   Jul 24, 2019

Policy users

1 - Why are the users of the policy (Policy for information transfer) limited to organizational units for information and communication technology?
0 0

Assign topic to the user

ISO 27001 LEAD IMPLEMENTER COURSE

Become certified as an ISO 27001 consultant.

ISO 27001 LEAD IMPLEMENTER COURSE

Become certified as an ISO 27001 consultant.

Expert
Rhand Leal Jul 24, 2019

Answer: Please note that "organizational units for information and communication technology" is only an example to consider for users of this document. You can change it for whatever users you see are relevant for your organization.

2 - Should the policy not be relevant to all employees of the company? Especially when the type of information (for which the communication channel will be defined) represent all assets of the organization? (Means the assets we chose for the risk assessment). So far I made a matrix about the allowed communication channels depending on the information type.

Answer: Please also note that for ISO 27001 this policy covers external parts and electronic communication, so for employees that do not use electronic communication nor have contact with external par ts this policy would have no sense for them. Of course, if these scenarios do not occur in your organization you can state that this policy is applicable to all your employees.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 23, 2019

Jul 23, 2019

Suggested Topics

Guest user Created:   May 20, 2020 ISO 27001 & 22301
Replies: 3
0 0

User Account Responsibilities

Guest user Created:   Dec 11, 2019 ISO 27001 & 22301
Replies: 1
0 0

Documents implementation

Guest user Created:   Nov 29, 2019 ISO 27001 & 22301
Replies: 1
0 0

RACI Matrix