Security Policy: Difference between revisions
Line 119: | Line 119: | ||
# Select appropriate information security risk treatment options, taking account of the risk assessment results; | # Select appropriate information security risk treatment options, taking account of the risk assessment results; | ||
# Determine all controls that are necessary to implement the information security risk treatment option(s) chosen; | # Determine all controls that are necessary to implement the information security risk treatment option(s) chosen; | ||
<small>NOTE Organizations can design controls as required, or identify them from any source. </small> | <small>NOTE Organizations can design controls as required, or identify them from any source. </small> | ||
# Compare the controls determined above with those in Annex A of ISO/IEC 27001:2013 and verify that no necessary controls have been omitted; | # Compare the controls determined above with those in Annex A of ISO/IEC 27001:2013 and verify that no necessary controls have been omitted; |
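Review bot: the NOTE line between the "Determine all controls" and "Compare the controls" items has no list prefix, and in MediaWiki markup a line without a leading # ends the ordered list, so the "Compare" step restarts numbering at 1 on both sides of this diff. Prefixing the note with #: (for example "#: <small>NOTE Organizations can design controls ...</small>") keeps it indented under the preceding step and preserves the numbering of the steps that follow.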