Expert Advice Community

Questions to top management

Guest user Created:   Mar 13, 2019 Last commented:   Mar 13, 2019

What are the top questions the auditor can ask the top of information security management? 10 questions needed.

Expert
Rhand Leal Mar 13, 2019

Answer:

In fact, you do not need 10 questions for top management regarding information security, because they do not need to have deep knowledge of information security to properly support it. These are the main questions you should consider asking them:
- Which benefits do you understand information security management brings to your company?
- How do information security objectives support business objectives?
- By which means do you support information security practices in your company?

Of course you can expand these questions to fulfill your needs (e.g., specific questions about communicating the information security policy and the realization of management review).

These articles will provide you with further explanation about top management and ISO 27001:
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- Top management perspective of information security implementation https://advisera.com/27001academy/blog/2012/12/04/top-management-perspective-of-information-security-implementation/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
