|
SD 4.6.4.2 The Information Security Policy
......................................................................................................
These policies should be widely available to all customers and users, and their
compliance should be referred to in all SLRs, SLAs, contracts and agreements.
The policies should be authorized by top executive management within the
business and IT, and compliance to them should be endorsed on a regular basis.
All security policies should be reviewed – and, where necessary, revised – on at
least an annual basis. |
|