ISMS.1.A11 Continuity of Information Security (S)
1. Overview
ISMS.1.A11 Continuity of Information Security (S)
An organisation SHOULD review its security process, security concepts, information security policy, and organisational structure for information security in terms of their appropriateness and effectiveness and update them at regular intervals. Completeness and update checks of the security concept SHOULD also be performed regularly in this regard. Security audits SHOULD be performed regularly. In this regard, there SHOULD be rules that specify which areas and security safeguards need to be checked when and by whom. The level of security SHOULD be reviewed regularly (at least once a year) and whenever there is a reason to do so. These reviews SHOULD be performed by qualified and independent persons. The results of the reviews SHOULD be documented in a transparent manner. Based on this, shortcomings SHOULD be eliminated and corrective measures taken.
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
3. Related Regulations