We're creating a single website for everything to do with BIS but, while we do that, you'll find information in three places. > Find what you're looking for

ISO/IEC 27002 Section 1

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 1 is the Security Policy.

The Security Policy

The security policy normally describes:

The organisation's requirements for information security
The scope of the Information Security Management System (ISMS), including business functions, areas and sites covered
The general philosophy towards information security

To be effective it should be clearly supported by senior management.

Specific policies and procedures within the Information Security Management System (ISMS) must be consistent with the security policy.

If a person encounters a situation that is not specifically mentioned in detail, the security policy should be a good general guide for actions required.

Use links below for further information:

ISO/IEC 27002 Section 2
ISO/IEC 27002 Section 3
ISO/IEC 27002 Section 4
ISO/IEC 27002 Section 5
ISO/IEC 27002 Section 6
ISO/IEC 27002 Section 7
ISO/IEC 27002 Section 8
ISO/IEC 27002 Section 9
ISO/IEC 27002 Section 10
ISO/IEC 27002 Section 11
ISO/IEC 27002 Explained

If you would like more background information about information security standards follow the link.

Main Menu

ISO/IEC 27002 Section 1

The Security Policy