One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 5461798 |
| Date de publication | 2022-06-30 13:02:25 (vue: 2022-06-30 02:05:44) |
| Titre | Authorised exemptions |
| Texte | Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware.  In essence, after explaining what 'exemptions' are, the policy requires that they are authorised after due consideration by management, specifically the relevant Information Owners. Exemption decisions should also be recorded, hinting at a process and some sort of exemptions log. I'm wondering now whether to write a procedure as well, including a basic log template as a starting point. I'm also contemplating writing something on accountability and responsibility, and perhaps generic incident management and post incident review procedures to accompany the incident management policy. |
| Envoyé | Oui |
| Condensat | in accompany accountability after also are authorised basic consideration contemplating decisions due essence exchange exemption exemptions explaining forum generic hinting incident including information inspired iso27k log management morning now owners page perhaps point policy post procedure procedures process published recorded relevant requires responsibility review secaware should simple some something sort specifically starting template well what whether wondering write writing wrote yesterday |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.