Annex A

Annex A ISO 27001

A.5 Information security policies

1) Information security policy.
2) Management direction for information security.
3) Scope of the information security policy.
4) Information security objectives.
5) Commitment to legal and regulatory requirements.
6) Risk assessment and management.
7) Acceptable use of assets.
8) Roles and responsibilities.
9) Awareness, training, and education.
10) Reporting of security incidents.
11) Monitoring and review.