Information Security Management System Policy

Subscriber Content
Information Security Management System Policy
Sample Procedures for Defining and Implementing Effective Information Security Management Systems

This policy establishes the scope of a company's information security management system and characterizes the interfaces of its environment in terms of processes and technical infrastructure.

The scope of the system can be defined using different perspectives: the company’s hierarchical and functional risk organization, business and support processes, and interfaces to its environment. The system is risk driven; therefore, operational security to assure that the company business processes are directly derived from the company's business requirements. The risk management perspective considering business operations defines the scope of the system.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.