1. Overview
OIS-02 Information Security Policy
| Designation | Standard |
|---|---|
| OIS-02.01B | Top management of the cloud service provider has adopted an information security policy. The top management is a natural person or group of persons who make the final decision for the organisation and is responsible for that decision. |
| OIS-02.02B | Top management of the cloud service provider has communicated the information security policy to internal and external personnel as well as cloud service customers. The top management is a natural person or group of persons who make the final decision for the organisation and is responsible for that decision. |
| OIS-02.03B | The information security policy describes: 1. The importance of information security, based on the requirements of cloud service customers in relation to information security; 2. The security objectives and the desired security level, based on the business goals and activities as well as compliance obligations of the cloud service provider; 3. The cloud service provider's commitment to implement the necessary security measures for fulfilling the established security objectives; 4. The most important aspects of the security strategy to achieve the security objectives set; and 5. The organisational structure for information security in the scope of the ISMS. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |