Hello,
Can you please advise me how to define and formalize a top management involvement strategy?
In ISO 27001, the involvement of top management is defined and documented in the Information Security Policy. The definition of top management involvement must consider the expected objectives from the ISMS, as well as the business objectives and strategies.
To see what an Information Security Policy looks like, see: https://advisera.com/27001academy/documentation/information-security-policy/
These articles will provide you with a further explanation of the Information Security Policy:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
Sep 18, 2020