Information Transfer Policy Template

Purpose

The purpose of this policy is ensuring that correct treatment when transferring information internally and externally to the company and to protect the transfer of information through the use of all types of communication facilities.

Scope

All company employees and external party users.

Information that forms part of systems and applications deemed in scope by the ISO 27001 scope statement.

Principle

Data transfer must comply with all legal and regulation legislation requirements including but not limited to the GDPR and Data Protection Act 2018.

Formal agreements that include non-disclosure and confidentially clauses must be in place for data sharing prior to the data transfer.

Personal data must not be transferred outside the European Economic Area without legal consent, justification and legal mechanisms in place.

No personal or confidential information is to be transferred unencrypted.

All transfers are in line with IS 03 Information Classification and Handling Policy

Information Transfer Policy Template Contents

Document Version Control 2
Document Contents Page 3
Purpose 5
Scope 5
Information Transfer Policy 5
Principles 5
Information Virus Checking 6
Information Encryption 6
Data Transfer Methods 6
Preferred Transfer Method 6
Data Transfer by Email 6
Data transfers by post/courier 7
Data transfers on removable media / memory sticks 7
Telephones, Mobile Phones and General Conversations 8
Data Transfers over Bluetooth 9
Lost or missing information 10
Policy Compliance 11
Compliance Measurement 11
Exceptions 11
Non-Compliance 11
Continual Improvement 11

High Table ISO 27001 Store

The High Table ISO 27001 store for ISO 27001 policies and ISO 27001 ISMS documents is built on 20 years of experience and real world usage, used to pass hundreds of ISO 27001 audits globally.