Comments _Information Security Policy Sample



7/21/2019 Comments _Information Security Policy Sample


Information Security Policy-Sample

Broad Level comments

1. The scope mentions that the policy document defines the security requirements of 18 domains of ISO 27001 (A to A18). However, the rest of the policy document does not specify the security requirements for these domains.
2. The present document is a policy document but Section 8, pg 1 of the document talks about the framework and the documents that form part of the framework. This is not required in a policy document. Also the Structure of Assurance Framework shown as figure 1 on the same page does not correlate with the description provided in the document.
3. In the document, there is confusion between framework and policy. In places, like under section +, section 12, framework and ISMS have been used instead of policy.
4. Annexure is incomplete.
5. Under issue specific policy (Annexure /.), social media policy is provided. However, in the document Implementation guidelines for security control no control or guidelines are provided for social media.