Security Policy: Difference between revisions

Jump to navigation Jump to search
← Older editNewer edit →
Line 52: Line 52:


:1. Is appropriate to the purpose of the organization;  
:1. Is appropriate to the purpose of the organization;  
* Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives;
:2. Includes information security objectives (see [[Security_Policy#information_security_objectives_and_planning_to_achieve_them|here]]) or provides the framework for setting information security objectives;
* Includes a commitment to satisfy applicable requirements related to information security; and
:3. Includes a commitment to satisfy applicable requirements related to information security; and
* Includes a commitment to continual improvement of the information security management system.  
:4. Includes a commitment to continual improvement of the information security management system.  


The information security policy shall:
The information security policy shall:
* Be available as documented information;
:5. Be available as documented information;
* Be communicated within the organization; and
:6. Be communicated within the organization; and
* Be available to interested parties, as appropriate.
:7. Be available to interested parties, as appropriate.


   Link to [https://docs.google.com/document/d/1_DLI40iDWLdDX672WwRZGfnIe88Ye0si9RMEwpgl3R4/edit?usp=sharing IS Policy and Objectives]
   Link to [https://docs.google.com/document/d/1_DLI40iDWLdDX672WwRZGfnIe88Ye0si9RMEwpgl3R4/edit?usp=sharing IS Policy and Objectives]
Retrieved from "https://wiki.officience.com/Security_Policy"