One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 2148833 |
| Date de publication | 2020-08-26 12:41:58 (vue: 2021-01-06 20:37:56) |
| Titre | NBlog Aug 23 - ISMS comms plan |
| Texte |  Yesterday I started preparing an ISMS communications plan to satisfy ISO/IEC 27001:2013 clause 7.4, with a little help from the Web.Naturally I started out with the standard itself. Clause 7.4 doesn't literally demand that organisations must have a "communications plan" as such, otherwise it would have been one of the mandatory documents included in SecAware ISMS Launchpad. Oh no, it's more circumspect: the standard says "the organization shall determine the need for internal and external communications relevant to the information security management system" ... and proceeds to outline - yes, you guessed it - a "communications plan".ISO/IEC 27003:2017 confirms our assessment by stating explicitly:"Documented information on this activity and its outcome is mandatory only in the form and to the extent the organization determines as necessary for the effectiveness of its management system". In other words, a documented comms plan is discretionary - advised as good practice but not strictly demanded of every organisation for '27001 compliance certification.Well anyway, let's do it! To comply with the standard, what should typically be communicated in respect of the ISMS, when, to and by whom, and by what means?ISO/IEC 27003 offers examples of the things that should be communicated:Information security policies and procedures, plus changes thereto;[The organisation's] Information [risk and] security objectives;Knowledge on information security risks; Requirement |
| Envoyé | Oui |
| Condensat | a here hmmm 1/sc 27001 27001:2013 27003 27003:2017 3½ about achieve activity adjustment advice advised again albeit all allard along already an isms another anticipate anything anyway anyway: appreciate approval are asserted assessment aug authorising awareness bare been being ben beyond bit blog blue bones box brightly building bullet business but called came can case certificate certification changes chooks circumspect: clause close cloud columns comms communicate communicated communicated:information communications compliance comply comprehensive concerns concise/minimalist confirms conformance consider continue control cool could course covering cow crises customer customers customised day deer deliberately delivering demand demanded detailed determine determines develop discretionary documented documents doesn down drafted:the drafting each effectiveness effort elaborate every ewes example examples explains explicitly: extent external feed feeding find fine first flock followed for advisera to form found from front functions generates generic ginger glimpse glorious goals goats goes good google google and gradually guess guessed guidance has have hear help hence his hope hoping house how idea implementation important impression incidents included including inclusion incorporate information initial insertions inspiration inspire institute intends internal interpreted involved isms iso iso/iec its itself jtc just kids laboriously lambs launchpad laws laying least let life lines link list literally little luc management manager mandatory materials matures maybe means member mention million mirrors more much must naturally nature nblog necessary need neglected nevertheless new next not now objectives;knowledge offering offers office at one online only opportunity organisation organisations organization originally other otherwise out outcome outline outlining own page pages part people performance period piece plan planned plus point points policies practice preamble preparing pretty previously privacy procedures proceeds program progress project ps published putting quarter quite rather ravenous reading relevant remaining requirement requirements respect respected results results:jean risk risks; requirements rochester rows rural satisfy iso/iec says search secaware section security sequence service set settles several shall shining short shorter should simple sky slant small solution something specific spring standard started starting stating strategies street: strictly such suit summary sun suppliers; feedback system table taken takes tame tasks taster technology template templates than that then thereto; these things think thinking though three through time today together too trawling turned two typically unlikely useful usefully using usual various way web well what when which who whom will with the woelk words work worked/consulted would write writing year yesterday zealand |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.