Leadership and commitment, part a)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: ensuring the information security policy and the information security objectives are established and compatible with the strategic direction of the organization.
Leadership and commitment, part b)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: ensuring the integration of the information security management system requirements into the organization’s processes.
Leadership and commitment, part c)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: ensuring that the resources needed for the information security management system are available.
Leadership and commitment, part d)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: communicating the importance of effective information security management and of conforming to the information security management system requirements.
Leadership and commitment, part e)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: ensuring that the information security management system achieves its intended outcome(s).
Leadership and commitment, part f)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: directing and supporting persons to contribute to the effectiveness of the information security management system.
Leadership and commitment, part g)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: promoting continual improvement.
Leadership and commitment, part h)
Top management shall demonstrate leadership and commitment with respect to the information security management system by: supporting other relevant management roles to demonstrate their leadership as it applies to their area of responsibility.
Policy, part a)
Top management shall establish an information security policy that: is appropriate to the purpose of the organization.
Policy, part b)
Top management shall establish an information security policy that: includes information security objectives (see 6.2) or provides the framework for setting information security objectives.
Policy, part c)
Top management shall establish an information security policy that: includes a commitment to satisfy applicable requirements related to information security.
Policy, part d)
Top management shall establish an information security policy that: includes a commitment to continual improvement of the information security management system.
Policy, part e)
The information security policy shall: be available as documented information.
Policy, part f)
The information security policy shall: be communicated within the organization.
Policy, part g)
The information security policy shall: be available to interested parties, as appropriate.
Organizational roles, responsibilities, and authorities, part a)
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated. Top management shall assign the responsibility and authority for: ensuring that the information security management system conforms to the requirements of this document. Note: Top management can also assign responsibilities and authorities for reporting performance of the information security management system within the organization.
Organizational roles, responsibilities, and authorities, part b)
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated. Top management shall assign the responsibility and authority for: reporting on the performance of the information security management system to top management. Note: Top management can also assign responsibilities and authorities for reporting performance of the information security management system within the organization.