Organisation has defined how information security aspects are integrated into used project management methods. Methods in use should require:
- Project’s information security related risks are identified, evaluated and treated at an early stage of the project
- Project’s information security related risks are reviewed if necessary
- Responsibility for project’s information security is clearly attached to certain project roles