Security Policy: Difference between revisions

Created page with "== Context of the organization == '''1. Understanding the organization and its context''' The organization shall determine external and internal issues that are relevant to i..."
 
No edit summary
== Leadership ==

'''1. Leadership and commitment'''

Top management shall demonstrate leadership and commitment with respect to the information security management system by:

a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;
b) ensuring the integration of the information security management system requirements into the organization’s processes;
c) ensuring that the resources needed for the information security management system are available;
d) communicating the importance of effective information security management and of conforming to the information security management system requirements;
e) ensuring that the information security management system achieves its intended outcome(s);
f) directing and supporting persons to contribute to the effectiveness of the information security management system;
g) promoting continual improvement; and
h) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

'''2. Policy'''

Top management shall establish an information security policy that:

a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security; and
d) includes a commitment to continual improvement of the information security management system.

The information security policy shall:

e) be available as documented information;
f) be communicated within the organization; and
g) be available to interested parties, as appropriate.

'''3. Organizational roles, responsibilities and authorities'''

Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated. Top management shall assign the responsibility and authority for:

a) ensuring that the information security management system conforms to the requirements of this International Standard; and
b) reporting on the performance of the information security management system to top management.

NOTE Top management may also assign responsibilities and authorities for reporting performance of the information security management system within the organization.