Quality Assurance

This control is related to Management.

Nothing is constant in this world. The environment, vulnerabilities and business models are continuously changing. So, it becomes important to continually review the information security policy.

Read more…

This control is related to Management and Operations.

The management should provide support and a clear policy direction across the organization in the form of a written business document for information security. Management must communicate information security policy to all employees and relevant parties including consultants, contractors, vendors, business partners etc.

Read more…