This snapshot, taken on 04/03/2010, shows web content selected for preservation by The National Archives. External links, forms and search boxes may not work in archived websites.


ISO/IEC 27002 Section 1

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 1 is the Security Policy.

The Security Policy

The security policy normally describes:

  • The organisation's requirements for information security
  • The scope of the Information Security Management System (ISMS), including business functions, areas and sites covered
  • The general philosophy towards information security

To be effective, it should be clearly supported by senior management.

Specific policies and procedures within the Information Security Management System (ISMS) must be consistent with the security policy.

If a person encounters a situation that is not specifically covered in detail, the security policy should serve as a good general guide to the actions required.
