Update Details: Update to PP-8-100 Information Security Policy Procedure
This is quite an important file which along with section 8 of the IMS1 standard covers all the information security requirements for ISO 27001 compliance and is therefore under constant review based on feedback from file users, consultants and auditors.
An update was made based on feedback from an ISO consultant with the following text added to the Mobile Device Policy section - ‘If the organisation requests that personal devices will be used for two-factor authentication, this will be under controlled conditions and will concern non-critical company systems.’ - to cover the risk associated with own devices being used to authenticate access to secure systems.
Files Updated:
