ISO 27001 Annex A.10: Cryptography
This version of clause 7.4 is applicable to both ISO 27001:2022 and ISO 27001:2013.

{{snapshot}}
Clause requirements in brief
- In the implementation of the ISMS , communication plays an important role in supporting the programme in different ways and can be useful for both internal and external purposes.
- According to the standard, the organisation is required to determine what to communicate, when to communicate and whom to communicate with.
- For example, information security policies can be communicated internally and externally (like to interested parties), when it needs to be communicated and what information can be communicated with whom is important.
{{/snapshot}}
In the implementation of the ISMS, communication plays an important role in supporting the programme in different ways and can be useful for both internal and external purposes. According to the standard, the organisation is required to determine what to communicate, when to communicate and whom to communicate with. For example, information security policies can be communicated internally and externally (like to interested parties), when it needs to be communicated and what information can be communicated with whom is important.
In addition, how to communicate is also an important question. These communications can be in a general meeting or a documented form depending on the requirements.
| Point | What it requires |
|---|---|
| Point 1 | In the implementation of the ISMS , communication plays an important role in supporting the programme in different ways and can be useful for both internal and external purposes. |
| Point 2 | In addition, how to communicate is also an important question. |
{{snapshot}}
From the Hicomply team
In our experience, ISO 27001 Annex A.10: Cryptography works best when it is maintained as living evidence inside the ISMS, not recreated before each audit. Keep ownership, approvals, and version history clear, then use automation to reuse the same evidence across ISO 27001 and related frameworks. See how that works in a platform tour.
{{/snapshot}}
Ready to Take Control of Your Privacy Compliance?
See how Hicomply can accelerate your path to CAF compliance in a 15-minute demo.




