ISO 27001 Annex A.10: Cryptography

In the implementation of the ISMS, communication plays an important role in supporting the programme in different ways and can be useful for both internal and external purposes. According to the standard, the organisation is required to determine what to communicate, when to communicate and whom to communicate with. For example, information security policies can be communicated internally and externally (like to interested parties), when it needs to be communicated and what information can be communicated with whom is important.

In addition, how to communicate is also an important question. These communications can be in a general meeting or a documented form depending on the requirements.