Monday, February 15, 2010

A5 Security policy

Information security is the process of securing the information in the organization.

A5.1.1 Information security policy document


An information security policy document shall be approved by management, and published and communicated to all employees and relevant external parties.


A5.1.2 Review of information security policy


The information security policy shall be reviewed at planned intervals, or if significant changes occur, to ensure its continuing suitability, adequacy and effectiveness.

Tuesday, February 9, 2010

International standards

This international standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's ISMS. The application of a system of processes within an organization, together with the identification and interaction of these processes and their management, can be referred to as a process approach. The process approach for information security management presented in the international standard encourages its users to emphasize the importance of:


a) Understanding an organization's information security requirements and the need to establish policy and objectives for information security

b) Implementing and operating controls to manage an organization's information security risks in the context of the organization's overall business risks

c) Monitoring and reviewing the performance and effectiveness of the ISMS

d) Continual improvement based on objective measurement

This international standard adopts the PDCA model, which is applied to structure all ISMS processes.


The adoption of the PDCA model will also reflect the principles set out in the OECD guidelines governing the security of information systems and networks.