+ISMS.1.A1 Acceptance of Overall Responsibility for Information Security by Top Management [Top Management] (B)

1. Overview

ISMS.1.A1 Acceptance of Overall Responsibility for Information Security by Top Management [Top Management] (B)

An organisation's Top Management MUST take overall responsibility for information security
in the organisation. This MUST be clear to everyone involved. The Top Management MUST
initiate, control, and monitor the security process. The Top Management MUST set a good
example regarding information security.
The Top Management MUST define the responsibilities for information security. The
responsible employees MUST be equipped with the necessary skills and resources.
The Top Management MUST be regularly informed about the organisation's information
security status. In particular, the Top Management MUST be informed about possible risks and
consequences due to a lack of security safeguards.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Linked Issues

Issuelinks
Linktype	Issue
has risk	ISMS.1.G1. Lack of Personal Responsibility in the Security Process

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022