Let’s talk about Information transfer policies and procedures (ISO27001 Annex A Control 13.2.1)

Questions about how to address this control are usually raised by clients early on in discussions on how to implement ISO27001 requirements. “What is meant by transfer?” and “Do we really need complex procedures as that isn’t going to work with our culture” are typical. The ISO27001 document gives the outline “Formal transfer policies, procedures…..protect… Read More