ISO27001 – Control 5.1 – Policies for Information Security

By |2024-02-21T15:08:20+00:00February 21st, 2024|ISO 27001 Controls|

ISO27001 - Control 5.1 - Policies for Information Security Control Information security policy and topic-specific policies should be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur. What this means This control is all about the importance of having robust security information policies in place and reviewing them regularly. Information security policies provide the foundation for managing risks and protecting information assets and there are certain policies required by [...]

Let’s talk policies and procedures

By |2024-02-23T13:10:31+00:00May 7th, 2022|ISO27001 Implementation, policies and procedures|

Let’s talk policies and procedures I often get asked why organisations should bother with policies and procedures. My response is that it creates a uniform structure by which the organisation works, saving time and resources. For larger organisations it shows a fairness in the way it operates as everyone has the same procedure to follow. What usually goes wrong is that the person writing the policy struggles to be able to put into words what needs to happen. Believe me, we have seen some policies which [...]

Go to Top