Information Security Policy for ISO 27001 Requirement 5.2

Setting your Information Security Policy

Senior management should take responsibility for establishing an information security policy that:

  • is aligned with the organisation’s purpose
  • details the organisation’s information security objectives, or at least demonstrates the framework within which those objectives will be set
  • includes a commitment to satisfy infosec requirements and continually improve the ISMS and its policies

In addition, the information security policy itself should be documented and communicated within your organisation, as well as to interested parties such as your supply chain or potential new customers.

Discover how you can save time & reduce management resource using ISMS.online to achieve & maintain your ISO 27001 ISMS

The ISO 27001 Annex A Controls are listed below:

Need a set of ISO 27001 policies for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you a 77% head start with ISO 27001

 
