Information Security Management System Policy

Subscriber Content
Information Security Management System Policy

This policy establishes the scope of a company's information security management system and characterizes the interfaces of its environment in terms of processes and technical infrastructure.

The scope of the system can be defined using different perspectives: the company’s hierarchical and functional risk organization, business and support processes, and interfaces to its environment. The system is risk driven; therefore, operational security to assure that the company business processes are directly derived from the company's business requirements. The risk management perspective considering business operations defines the scope of the system.


Topics
Cybersecurity
IT Controls
IT Infrastructure
IT Security
IT Strategy
Fixed Assets
IT Audit

Related Resources

Policies & Procedures

End-User Information Security Background Policy

Policies & Procedures

IT Security Policy

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It