Management commitment to cyber security management and management system


The organization's top management must demonstrate a commitment to cyber security work and the management system. Management commits to:

  • defining the frameworks or other requirements that form the basis for work (e.g. customer promises, regulations or certificates)
  • determining the resources needed to manage security
  • communicating the importance of cyber security
  • ensuring that the work achieves the desired results
  • promoting the continuous improvement of cyber security

Top management also decides the scope of the information security management system and records the decision in the description of the system. This means, for example, whether some parts of the organisation's activities or information are excluded from the scope of the management system, or whether it applies to all information / activities of the organization.

Connected other frameworks and requirements:
24. Responsibility of the controller
7.2.1: Management responsibilities
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
5.1.1: Policies for information security
ISO 27001
ID.GV-1: Cybersecurity policy
No items found.