Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 78: | Line 78: | ||
When planning for the information security management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: | When planning for the information security management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: | ||
#ensure the information security management system can achieve its intended outcome(s); | # ensure the information security management system can achieve its intended outcome(s); | ||
# prevent, or reduce, undesired effects; and | |||
#prevent, or reduce, undesired effects; and | # achieve continual improvement. | ||
#achieve continual improvement. | |||
The organization shall plan: | The organization shall plan: | ||
#actions to address these risks and opportunities; and | # actions to address these risks and opportunities; and | ||
# how to: (a) integrate and implement the actions into its information security management system processes; and (b) evaluate the effectiveness of these actions. | |||
#how to | |||
====Information security risk assessment==== | ====Information security risk assessment==== | ||