ISMS.1.A12 Management Reports on Information Security [Top Management] (S)

1. Overview


An organisation's Top Management SHOULD be regularly informed about the status of information security—in particular, about the current threat landscape and the effectiveness and efficiency of its security process. In addition, management reports SHOULD be written that contain the most important information relevant to the security process, especially with regard to problems, successes, and potential improvements. The management reports SHOULD contain clearly prioritised proposals for action. The proposed actions SHOULD be accompanied by realistic estimates of the expected implementation effort. The management reports SHOULD be archived in an audit-compliant manner.

Management decisions relating to required actions, the handling of residual risks, and changes to security-relevant processes SHOULD be documented. These management decisions SHOULD be archived in an audit-compliant manner.