Professional Documents
Culture Documents
iso27001templates.com
Public IT Limited 2011
Information Security
Management System Policy
V 1.0 Draft 1
Page 1 of 28
Revision History
Version
Date
RFC Number
Summary of Changes
Document Review
Date of Next Scheduled Review
Distribution
Name
Title
Approval
Name
V 1.0 Draft 1
Position
Signature
Page 2 of 28
Date
Contents
1
INTRODUCTION......................................................................................................................... 5
V 1.0 Draft 1
Page 3 of 28
10
11
12
13
V 1.0 Draft 1
Page 4 of 28
1 Introduction
This policy defines how Information Security will be set up, managed,
measured, reported on and developed within [Organisation name].
The International Standard for Information Security, BS ISO/IEC 2700:2005
(referred to in this document as ISO/IEC 27001), is a development of the
earlier British Standard, BS 7799.
[Organisation name] has decided to pursue full certification to ISO/IEC 27001
in order that the effective adoption of Information Security Best Practice may
be validated by an external third party.
V 1.0 Draft 1
Page 5 of 28
4 Management Commitment
Commitment to Information Security extends to senior levels of the
organisation and will be demonstrated through this ISMS Policy and the
provision of appropriate resources to provide and develop the ISMS and
associated controls.
Top management will also ensure that a systematic review of performance of
the programme is conducted on a regular basis to ensure that quality
objectives are being met and quality issues are identified through the audit
programme and management processes. Management Review can take
several forms including departmental and other management meetings.
5 Management Representative
The [IT Manager] shall have overall authority and responsibility for the
implementation and management of the Information Security Management
System, specifically:
Page 6 of 28
6.1
6.1.1
Security Policy
Information Security Policy
V 1.0 Draft 1
Page 7 of 28
External Parties
Asset Management
Responsibility for Assets
V 1.0 Draft 1
Page 8 of 28