+ISMS.1.A3 Drawing Up an Information Security Policy [Top Management] (B)

1. Overview

ISMS.1.A3 Drawing Up an Information Security Policy [Top Management] (B)

An organisation's Top Management MUST adopt an overarching information security policy.
This MUST describe the value of information security, the organisation's security objectives,
the most important elements of the security strategy, and the organisational structure for
information security. The scope of the security policy MUST be clearly defined. The policy for
information security MUST explain the security objectives and how they relate to the business
objectives and tasks of the organisation.
The Top Management MUST communicate the information security policy to all staff and
other members of the organisation. The information security policy SHOULD be updated
regularly.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022