Security Policy: Difference between revisions

Jump to navigation Jump to search
← Older editNewer edit →
Line 202: Line 202:
The organization’s information security management system shall include:
The organization’s information security management system shall include:


:1. Documented information required by this International Standard; and
:1. documented information required by this International Standard; and


:2. Documented information determined by the organization as being necessary for the effectiveness of the information security management system.
:2. documented information determined by the organization as being necessary for the effectiveness of the information security management system.


   <small>NOTE The extent of documented information for an information security management system can differ from one organization to another due to: </small>
   <small>NOTE The extent of documented information for an information security management system can differ from one organization to another due to: </small>


:3. The size of organization and its type of activities, processes, products and services;
:3. the size of organization and its type of activities, processes, products and services;


:4. The complexity of processes and their interactions; and
:4. the complexity of processes and their interactions; and


:5. The competence of persons.
:5. the competence of persons.


====Creating and updating====
====Creating and updating====
Retrieved from "https://wiki.officience.com/Security_Policy"