GlossaryFoundations

Security Policy

A high-level document approved by top management that states an organization's intentions and direction for protecting information.

An information security policy is the anchor document of an ISMS. It sets out objectives, assigns responsibilities, and signals leadership commitment. ISO/IEC 27001 requires top management to establish and communicate such a policy.

The top-level policy is usually supported by topic-specific policies, for example on access control, acceptable use, or cryptography, and by procedures that describe how the rules are carried out day to day.

Related frameworks

ISO 27001

Run BCMS, ISMS, DSMS, and AIMS as one system

Book a demo

Security Policy

Run BCMS, ISMS, DSMS, and AIMS as one system

Product

Frameworks

Solutions

Services

Resources

Company

Legal

Security Policy

Run BCMS, ISMS, DSMS, and AIMS as one system

Product

Frameworks

Solutions

Services

Resources

Company

Legal