Security Organization
This section contains the following sub-sections:

4.1 Information security infrastructure - the organization should have a management framework for information security. Senior management should provide direction and support, for example by approving information security policies. Roles and responsibilities should be defined for the information security function. Other relevant functions should cooperate and coordinate their activities.

4.2 Security of third party access - access to the facilities by third parties such as IT service providers, maintenance and support staff, consultants and contractors should be controlled. Information security requirements should be included in contracts with such third parties.

4.3 Outsourcing - information security requirements should be specified in contracts with IT outsourcing suppliers.
