Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 230: | Line 230: | ||
=== Operational planning and control=== | === Operational planning and control=== | ||
The organization shall plan, implement and control the processes needed to meet information security requirements, and to implement the actions determined in 3.1. The organization shall also implement plans to achieve information security objectives determined in 3.2. | The organization shall plan, implement and control the processes needed to meet information security requirements, and to implement the actions determined in [[Security_Policy#Actions_to_address_risks_and_opportunities|3.1]]. The organization shall also implement plans to achieve information security objectives determined in [[Security_Policy#Information_security_objectives_and_planning_to_achieve_them|3.2]]. | ||
The organization shall keep documented information to the extent necessary to have confidence that the processes have been carried out as planned. | The organization shall keep documented information to the extent necessary to have confidence that the processes have been carried out as planned. | ||