Security Policy: Difference between revisions
| Line 127: | Line 127: | ||
:5. Produce a Statement of Applicability that contains the necessary controls above and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A; | :5. Produce a Statement of Applicability that contains the necessary controls above and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A; | ||
:6. Formulate an information security risk treatment plan; and | :6. Formulate an information security risk treatment plan; and | ||
:7. Obtain risk owners’ approval of the information security risk treatment plan and acceptance of the residual information security risks. | :7. Obtain risk owners’ approval of the information security risk treatment plan and acceptance of the residual information security risks. | ||