ISO/IEC 27000 Compliance With Policies, Rules and Standards for Information Security, v2022
Specifies requirements in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022, related to compliance with policies, rules and standards for information security.
Assessment Step
1
Compliance With Policies, Rules and Standards for Information Security (ComplianceWithPoliciesRulesandStandardsforInformationSecurity)
Does the organization regularly review its compliance with its information security policy, topic-specific policies, rules, and standards?
Artifact
A1
Provide evidence (e.g., organizational policies, procedures, compliance/assessment reports) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1)
Compliance With Policies, Rules and Standards for Information Security
Compliance with the organization's information security policy, topic-specific policies, rules and standards shall be regularly reviewed.
Citations
27001: Annex A, Control 5.36
27002: Section 5.36