Title Page
-
Site
-
Prepared by
-
Date and Time
-
Location
4. Context of the Organization
-
4.1 Understanding the organization and its context
-
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.
-
4.2 Understanding the needs and expectations of interested parties
-
The organization shall determine:
a) interested parties that are relevant to the information security management system; and
b) the requirements of these interested parties relevant to information security.
-
4.3 Determining the scope of the information security management system
-
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
-
4.4 Information security management system
-
The organization shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard.
5. Leadership
-
5.1 Leadership and commitment
-
Management shall provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS by:
-
5.1 (a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;
-
5.1 (b) ensuring the integration of the information security management system requirements into the organization’s processes;
-
5.1 (c) ensuring that the resources needed for the information security management system are available;
-
5.1 (d) communicating the importance of effective information security management and of conforming to the information security management system requirements;
-
5.1 (e) ensuring that the information security management system achieves its intended outcome(s);
-
5.1 (f) directing and supporting persons to contribute to the effectiveness of the information security management system;
-
5.1 (g) promoting continual improvement; and
-
5.1 (h) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
-
5.2 Policy
-
Top management shall establish an information security policy that:
a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security; and
d) includes a commitment to continual improvement of the information security management system.

The information security policy shall:
e) be available as documented information;
f) be communicated within the organization; and
g) be available to interested parties, as appropriate.
-
5.3 Organizational roles, responsibilities and authorities
-
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated.
Completion
-
Comments/Recommendations
-
Name and Signature