Template content

(Action) takes place "outside" the organization. The process can be: Registered shipping, encryption via TLS /SMTP, or similar. What exactly is meant by that? In my opinion, there are two interpretations:
a) The operation is actually outside the organizational unit. For example, an email is sent from a home office workstation. In this case, the email would be encrypted.
b) The process goes outside the organizational unit, so the shipment would be from internal to external.
The document is: Information Classification Policy
For shipping outside the organization, the document must be sent by a registered mail.
For shipping outside the organization area, the shipping method registered mail with acknowledgment of receipt must be selected.
The sending of email outside the organization must be encrypted.

Answer:

In the context of the Information Classification Policy "outside" means people or other entities not under responsibility or contro l of the organization (e.g., suppliers, customers, government, etc.). For example, when a regulator body issues a new regulation the organization must comply with, this regulation comes from outside the organization. Information that comes from people (e.g., employees, contractors) or other entities under control of the organization (e.g., subsidiaries) must be considered to come from "inside", even if they come from out of premises.

This article will provide you further explanation about information handling:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/