Assign topic to the user
Answer: Please note that "organizational units for information and communication technology" is only an example to consider for users of this document. You can change it for whatever users you see are relevant for your organization.
2 - Should the policy not be relevant to all employees of the company? Especially when the type of information (for which the communication channel will be defined) represent all assets of the organization? (Means the assets we chose for the risk assessment). So far I made a matrix about the allowed communication channels depending on the information type.
Answer: Please also note that for ISO 27001 this policy covers external parts and electronic communication, so for employees that do not use electronic communication nor have contact with external par ts this policy would have no sense for them. Of course, if these scenarios do not occur in your organization you can state that this policy is applicable to all your employees.
Comment as guest or Sign in
Jul 23, 2019