Leadership requirements

(I have already done the diagnostic phase, in the implementation part I have made macro improvements to cover the points that the institution does not meet, in a macro improvement I have the leadership part, what can I develop to fulfill the leadership aspects? Taking into account that the process is a printed lottery

First is important to note that ISO 27001 requirements for leadership are the same regardless of the organization industry and size, so there are no additions or exclusions regarding a printed lottery process.

Considering that, to cover leadership requirements you must:

• develop an information security policy and define information security objectives, aligned with business strategies
• engage personnel around information security initiatives
• define and communicate responsibilities and authorities for relevant roles to information security

To see how an Information Security Policy looks like, please see this link: https://advisera.com/27001academy/documentation/information-security-policy/

These articles will provide you further explanation about leadership requirements:

• What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
• Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
• How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
• Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/