Organisation, structure and human resources

This list includes the main controls off which the rest of the system hangs. There is a need for a corporate-level information security policy, which is a statement of the organisation’s commitment and objectives relating to information security.

This needs to be available to everyone affected by it, which (as described earlier) includes suppliers, business partners, customers and staff.

There is a need to define where responsibilities for information security lie within the organisation and for the required forums and review bodies to be in place to meet the needs of the ISMS.

The human resources required to undertake all tasks relating to and affecting information security need to be sourced and ...

Get An Introduction to Information Security and ISO27001: A Pocket Guide now with the O’Reilly learning platform.
