In the beginner’s guide to ISO 27001 Communication you will learn:
- What Communication is
- How to implement Communication
- Examples of Communications
I am Stuart Barker, the ISO 27001 Ninja and author of the Ultimate ISO 27001 Toolkit.
What is Communication?
Communication is about communicating key elements of the information security management system (ISMS) to relevant people. There are things that have to be communicated as part of the ISO 27001 standard and there are things that really should be communicated.
Communication can take many forms:
- written communications
- verbal communications

All communication methods are available to you, depending on your style, approach and culture. It is recommended to choose a variety of communication methods to be the most effective, because people respond differently to different styles of communication.
By doing this you can:
- Implement a culture of information security: the most effective defence for information security is training and awareness. By implementing effective communications, combined with training, you will reduce the information security risks and events of the organisation.
- Enhance security: by telling people the risks and educating them on what to do, you will empower them to take the right decisions, make the right choices and protect the organisation and themselves.
Key Points
When planning communications take into account the following:
- what to communicate
- when to communicate
- with whom to communicate and
- how to communicate
Examples
Some communications commonly happen as part of your project’s implementation and throughout the year, as part of the annual cycle of your information security management system.
Evidence and examples of communication include:
- information security overview training
- training people
- training the management team
- training on the ISO 27001 framework
- where policies are
- how they raise an incident if something goes wrong
- who is ultimately responsible in our organisation for information security
- how to take an audit
- technical training
ISO 27001 requirement for Communication
The ISO 27001 standard specifically addresses Communication in ISO 27001 Clause 7.4 Communication.
How to implement Communication
For a detailed guide on how to implement Communication, read the implementation guide ISO 27001 Clause 7.4 Communication.