All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

ISO 27001 Clause 7.4: Communication (2022)

Read the requirements of ISO 27001 Clause 7.4: Communication, which requires the organisation to determine what to communicate, when to communicate and whom to communicate with.

This version of clause 7.4 is applicable to both ISO 27001:2022 and ISO 27001:2013.

In the implementation of the ISMS, communication plays an important role in supporting the programme in different ways and can be useful for both internal and external purposes. According to the standard, the organisation is required to determine what to communicate, when to communicate and whom to communicate with. For example, information security policies can be communicated internally and externally (like to interested parties), when it needs to be communicated and what information can be communicated with whom is important.

In addition, how to communicate is also an important question. These communications can be in a general meeting or a documented form depending on the requirements.