ISO/IEC 27000 Management Responsibilities, v2022
Specifies requirements in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022, related to management responsibilities.
Assessment Step 1: Management Responsibilities (ManagementResponsibilities)
Does management require all personnel to follow the organization's information security policy, topic-specific policies, and related procedures?
Artifact A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1)
Management Responsibilities
Management shall require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organization.
Citations
27001: Annex A, Control 5.4
27002: Section 5.4