Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Integrate policies

Currently I encountered one problem, which is that the "Policy" of an ISMS is quite high level, while for our day-to-day work we are following some kind of "SOP", which are much lower level with details. So my doubt is how can we integrate these 2?

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

Why do you want to integrate them in an unique document? We think that it is better if you have a high level policy for the ISMS (with strategic intention, objectives, etc) and detailed policies for control access, backups, etc. If you have an unique document, it can be extensive and uncomfortable to read.
Finally, I think that this article can be very interesting for you "One Information Security Policy, or several policies?" :
https://advisera.com/27001academy/blog/2013/06/18/one-information-security-policy-or-several-policies/
And also can be interesting for you this article: Information security policy how detailed should it be? : https://advisera.com/27001academy/blog/2010/05/26/information-security-policy-how-detailed-should-it-be/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community