Expert Advice Community

Guest

Template content

  Quote
Guest
Guest user Created:   Mar 10, 2019 Last commented:   Mar 10, 2019

Template content

Hello, for me, there are two possible interpretations of the term "outside" (out of).
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 10, 2019
(Action) takes place "outside" the organization. The process can be: Registered shipping, encryption via TLS /SMTP, or similar. What exactly is meant by that? In my opinion, there are two interpretations:
a) The operation is actually outside the organizational unit. For example, an email is sent from a home office workstation. In this case, the email would be encrypted.
b) The process goes outside the organizational unit, so the shipment would be from internal to external.
The document is: Information Classification Policy
For shipping outside the organization, the document must be sent by a registered mail.
For shipping outside the organization area, the shipping method registered mail with acknowledgment of receipt must be selected.
The sending of email outside the organization must be encrypted.

Answer:

In the context of the Information Classification Policy "outside" means people or other entities not under responsibility or contro l of the organization (e.g., suppliers, customers, government, etc.). For example, when a regulator body issues a new regulation the organization must comply with, this regulation comes from outside the organization. Information that comes from people (e.g., employees, contractors) or other entities under control of the organization (e.g., subsidiaries) must be considered to come from "inside", even if they come from out of premises.

This article will provide you further explanation about information handling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 10, 2019

Mar 10, 2019

Suggested Topics

Guest user Created:   Mar 13, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content

Guest user Created:   Mar 11, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content

Guest user Created:   Feb 26, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content - DRP