Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 54: | Line 54: | ||
#Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives; | #Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives; | ||
#Includes a commitment to satisfy applicable requirements related to information security; and | #Includes a commitment to satisfy applicable requirements related to information security; and | ||
#Includes a commitment to continual improvement of the information security management system. | #Includes a commitment to continual improvement of the information security management system. | ||
The information security policy shall: | |||
The information security policy shall: | |||
# Be available as documented information; | # Be available as documented information; | ||
# Be communicated within the organization; and | # Be communicated within the organization; and | ||