ISO 27001:2023 Section | Document Section |
---|---|
4.3 Determining the scope of the information security management system | 1. |
4.4 Information security management system | (All) |
5.1 Leadership and commitment | 8. |
5.2 Policy | 2. |
5.3 Organizational roles, responsibilities and authorities | 8. |
The Information Security Policy describes the scope of the Information Security Management System (ISMS), its documented procedures and a description of their interactions.
The policy described in this document outlines the framework to manage information security in <your company name>.
This policy applies to all employees, contractors, and third-party vendors of <your company name> who have access to electronic and physical information systems and data.
<your company name> commits to maintaining the confidentiality, integrity, and availability of all its information assets. This is achieved through:

- The organization will regularly carry out risk assessments to identify, evaluate, and address risks associated with information security.
- A structured approach will be followed to handle security breaches or incidents, which includes incident reporting, investigation, and mitigation strategies to prevent future occurrences.
- Compliance with this policy will be monitored and reviewed as part of the ongoing performance evaluation process. Violations of this policy will result in disciplinary action, which may include termination and legal action, depending on the severity of the breach.
- This policy will be reviewed annually or in response to significant organizational or technological changes to ensure its continuing suitability, accuracy, and effectiveness.
Describe the roles of the people in your company. Typically this is done by drawing an organization chart (you could use draw.io for that). Or you can simply use a table like the one below.
Minimum required information: the required qualification and a description of the tasks related to QMS process involvement. If applicable, add: reporting line / authority, access rights, etc.
Role | People |
---|---|
CEO | Steve Jobs |
CTO | Steve Wozniak |
ISO | Oliver Eidel |
All C-level roles (CEO, CTO, CMO) are referred to as the Management. Management is generally responsible for endorsing and supporting the Information Security Policy by providing the necessary resources and authority to implement it.
The Information Security Officer (ISO) is responsible for maintaining the ISMS and ensuring the policy is implemented, monitored, reviewed, and updated.
All Employees are required to adhere to this policy and report any security breaches or incidents to the designated authority.
Required qualification for this role:
Template Copyright openregulatory.com. See template license.
Please don’t remove this notice even if you’ve modified contents of this template.