Security Policy: Difference between revisions
Jump to navigation
Jump to search
m →Policy |
|||
| Line 51: | Line 51: | ||
Top management shall establish an information security policy that: | Top management shall establish an information security policy that: | ||
:1. Is appropriate to the purpose of the organization; | |||
* Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives; | * Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives; | ||
* Includes a commitment to satisfy applicable requirements related to information security; and | * Includes a commitment to satisfy applicable requirements related to information security; and | ||