Security Policy: Difference between revisions

Line 50:

Top management shall establish an information security policy that:

#is appropriate to the purpose of the organization;

#Is appropriate to the purpose of the organization;

#Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives;

#~~includes~~ information security objectives (see ~~6.2~~) or provides the framework for setting information security objectives;

#Includes a commitment to satisfy applicable requirements related to information security; and

#Includes a commitment to continual improvement of the information security management system.

# ~~includes~~ a commitment to satisfy applicable requirements related to information security; and

#~~includes~~ a commitment to continual improvement of the information security management system.

The information security policy shall:

# Be available as documented information;

#be available as documented information;

# Be communicated within the organization; and

# Be available to interested parties, as appropriate.

#be communicated within the organization; and

#be available to interested parties, as appropriate.

Link to [https://docs.google.com/document/d/1_DLI40iDWLdDX672WwRZGfnIe88Ye0si9RMEwpgl3R4/edit?usp=sharing IS Policy and Objectives]

@@ Line 50: / Line 50: @@
 Top management shall establish an information security policy that:
-#is appropriate to the purpose of the organization;
+#Is appropriate to the purpose of the organization;
+#Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives;
-#includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
+#Includes a commitment to satisfy applicable requirements related to information security; and
+#Includes a commitment to continual improvement of the information security management system.
-# includes a commitment to satisfy applicable requirements related to information security; and
-#includes a commitment to continual improvement of the information security management system.
 The information security policy shall:
+# Be available as documented information;
-#be available as documented information;
+# Be communicated within the organization; and
+# Be available to interested parties, as appropriate.
-#be communicated within the organization; and
-#be available to interested parties, as appropriate.
     Link to [https://docs.google.com/document/d/1_DLI40iDWLdDX672WwRZGfnIe88Ye0si9RMEwpgl3R4/edit?usp=sharing IS Policy and Objectives]

Security Policy: Difference between revisions

Navigation menu

Search