Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 240: | Line 240: | ||
=== Information security risk assessment=== | === Information security risk assessment=== | ||
The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in 3.1.2.1. | The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in [[Security_Policy#Information_security_risk_assessment|3.1.2.]]1. | ||
The organization shall retain documented information of the results of the information security risk assessments. | The organization shall retain documented information of the results of the information security risk assessments. | ||