ISO/IEC 27000 Classification of Information, v2022
Specifies requirements in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022, related to classification of information.
Assessment Step
|
1
Classification of Information (ClassificationofInformation)
Does the organization classify information according to its information security needs based on confidentiality, integrity, availability, and relevant interested party requirements?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
|
Classification of Information
Information shall be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements.
Citations
27001
Annex A, Control 5.12
27002
Section 5.12
|