CHAPTER 9: MANAGEMENT RESPONSIBILITY

ISO27001 recognises that implementing an ISMS affects the whole organisation. Its requirements around scoping and the information security policy are explicit: any exclusion from the scope must have a documented justification, and the policy must apply across the organisation.

ISO27001 is also clear that the ISMS should be designed to meet the needs of the organisation, and should be implemented and managed in a way that meets – and continues to meet – those needs.

Management direction

ISO27001 contains a requirement that management should ‘[communicate] the importance of effective information security management and of conforming to the information security management ...
