We're creating a single website for everything to do with BIS but, while we do that, you'll find information in three places. > Find what you're looking for

ISO/IEC 27002 Section 2

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 2 is Organising Information Security.

Organising Information Security

The Organising Information Security section should describe:

How the organisation manages information security
The responsibilities of each relevant person, committee or forum. Includes responsibilities for creating, revising and following procedures and policies

Many companies will have a management structure that can support information security without major changes. In such companies, the only requirement may be that a few committees have "information security report" as a standard agenda item.

An organisational security structure should be detailed, indicating:

Who staff can contact when they need help or advice
Who staff should report to regarding security problems, difficulties or successes

At the top of the structure should be the Board (or equivalent), which has overall responsibility for the organisation. Those responsible for following the policies and procedures should be arranged in a hierarchy below this level.

Organisational security must include temporary staff, contractors and third parties with access to sites, equipment, people or information.

Use links below for further information:

ISO/IEC 27002 Section 1
ISO/IEC 27002 Section 3
ISO/IEC 27002 Section 4
ISO/IEC 27002 Section 5
ISO/IEC 27002 Section 6
ISO/IEC 27002 Section 7
ISO/IEC 27002 Section 8
ISO/IEC 27002 Section 9
ISO/IEC 27002 Section 10
ISO/IEC 27002 Section 11
ISO/IEC 27002 Explained

If you would like more background information about information security standards follow this link.

Main Menu

ISO/IEC 27002 Section 2

Organising Information Security