A5 Security policy

Information security is the process of securing the information in the organization.

A5.1.1 Information security policy document

A n information security policy document shall be approved by management and published and commnicated to all employees and relevant external parties

A5.1.2 Review of information security policy

The information security policy shall be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability,adequecy and effectiveness