Internal Organization Whether management demonstrates active support for security measures within the organization. Whether management approval is obtained for the r evised policy. Whether the results of the management review are taken into account. Whether any defined Information Security Policy r eview procedures exist and do they include r equirements for the management review. Whether the Information Security policy has an owner, w ho has approved management responsibility for d evelopment, review and evaluation of the security Review of Informational Security Policy policy. Whether the Information Security Policy is reviewed at p lanned intervals, or if significant changes occur to e nsure its continuing suitability, adequacy and e ffectiveness. Information security policy document Whether the policy states management commitment a nd sets out the organizational approach to managing i nformation security. Audit area, objective and questionSectionInformation Security Policy Whether there exists an Information security policy, w hich is approved by the management, published and c ommunicated as appropriate to all employees.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |