Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 140: | Line 140: | ||
:1. be consistent with the information security policy; | :1. be consistent with the information security policy; | ||
:2. be measurable (if practicable); | :2. be measurable (if practicable); | ||
:3. take into account applicable information security requirements, and results from risk assessment and risk treatment; | :3. take into account applicable information security requirements, and results from risk assessment and risk treatment; | ||
:4. be communicated; and | :4. be communicated; and | ||
:5. be updated as appropriate. | :5. be updated as appropriate. | ||
| Line 152: | Line 148: | ||
:6. what will be done; | :6. what will be done; | ||
:7. what resources will be required; | :7. what resources will be required; | ||
:8. who will be responsible; | :8. who will be responsible; | ||
:9. when it will be completed; and | :9. when it will be completed; and | ||
:10. how the results will be evaluated. | :10. how the results will be evaluated. | ||