Goals and organization

Record the goals to be achieved and relate them to the company: which principles of information security does the company want to stand for?

To do this, use the document entitled “Information Security Policy”, in which you can write down the above. Refrain from going into too much detail, as the document is intended to provide a simple and compact overview of where the company stands in relation to ISO 27001 and to the ISMS that has been or will be implemented. For exact information, the reader can then consult the relevant guidelines. Begin completing the document now and keep updating it throughout the implementation.

An example outline for an information security policy could look as follows:

  • 1. Introduction
    • The importance of information security in the company
    • Protection goals
  • 2. ISMS
    • ISMS scope
    • Ongoing improvements
    • Responsibilities
    • Risk Management
  • 3. Measures
    • Access to information and systems
    • Physical security
    • Personnel security