Security Policy: Difference between revisions

← Older edit Newer edit →

@@ Line 352: / Line 352: @@
 | 1.3 || Scope of the ISMS
 |-
-| 5.2 & 6.2 || IS Policy & Objectives
+| 2.2 & 3.2 || IS Policy & Objectives
 |-
-| 6.1.2 || Risk Assessment & Risk Treatment Methodology
+| 3.1.2 || Risk Assessment & Risk Treatment Methodology
 |-
-| 6.1.3.d || Statement of Applicability
+| 3.1.3.d || Statement of Applicability
 |-
-| 6.1.3.e & 6.2 || Risk treatment plan
+| 3.1.3.5 & 3.2 || Risk treatment plan
 |-
-| 8.2 || Risk assessment report
+| 5.2 || Risk assessment report
 |-
 | A.7.1.2 & A.13.2.4 || Definition of Security Roles and Responsibilities
@@ Line 382: / Line 382: @@
 | A.18.1.1 || Statutory, Regulatory, and Contractual Requirements
 |-
-| 7.2 || Records of Training, Skills, Experience and Qualifications
+| 4.2 || Records of Training, Skills, Experience and Qualifications
 |-
-| 9.1 || Monitoring and Measurement Results
+| 6.1 || Monitoring and Measurement Results
 |-
-| 9.2 || Internal Audit Program
+| 6.2 || Internal Audit Program
 |-
-| 9.2 || Results of Internal Audits
+| 6.2 || Results of Internal Audits
 |-
-| 9.3 || Results of the Management Review
+| 6.3 || Results of the Management Review
 |-
-| 10.1 || Results of Corrective Actions
+| 7.1 || Results of Corrective Actions
 |-
 | A.12.4.1 & 12.4.3 || Logs of User Activities, Exceptions, and Security Events
 |-
-| 7.5 || Procedure for document control
+| 4.5 || Procedure for document control
 |-
-| 7.5 || Controls for managing records
+| 4.5 || Controls for managing records
 |-
-| 9.2 || Procedure for internal audit
+| 6.2 || Procedure for internal audit
 |-
-| 10.1 || Procedure for corrective action
+| 7.1 || Procedure for corrective action
 |-
 | A.6.2.1 || Bring your own device (BYOD) policy

Security Policy: Difference between revisions

Navigation menu

Search