According to ISO 27001, the classification of information is one of the first steps to take into account when building a security plan.
Among the previous steps are almost only the formation of a safety committee, the highest body of authority in this regard, and a general security policy, which guarantees the commitment of senior management or management in the creation of the plan.
- Publicidad -
The classification of information will allow us to determine mainly the way in which we will protect it, so it is not a minor issue.
