Implementing an Information Security Management System (ISMS) is a strategic decision, made at the highest management level. ISO/IEC 27001:2022 emphasizes that top management must demonstrate leadership and commitment, and must ensure integration of the ISMS into the organization's strategic direction.
"Top management shall ensure that the information security policy and the objectives of the ISMS are compatible with the strategic direction of the organization."
— ISO/IEC 27001:2022, Clause 5.1