I. 3. ISO 19600
• High level structure: (i) Context of the organization (ii) Leadership (iii) Planning (iv) Support (v) Operation (vi) Performance evaluation (vii) Improvement
Information security activities shall be coordinated by representatives from different parts of the organization with relevant roles and job functions. Whether measures are taken to ensure that the security controls, service definitions and delivery levels, included in the third party service delivery agreement, are implemented, operated and maintained by a third party.
curity roles and responsibilities. The Office 365 security policies address purpose, scope, roles, responsibilities, compliance requirements, and required coordination among the various Microsoft organizations providing some level of support for the security of Office 365. Office 365 security policies contain rules and requirements that must be met in the delivery and operation of Office 365. Office 365 employees and contingent staff are accountable and responsible for complying with these guiding principles in their designated roles.
16-Apr-19
Control
Management shall actively support security within the organization through clear direction, demonstrated commitment, explicit assignment, and acknowledgment of information security responsibilities. Verify whether management demonstrates active support for security measures within the organization. This can be done
Information security activities shall be coordinated by representatives from different parts of the organization with relevant roles and job functions.
ISO 37001
Compliance policy
• Compensation systems for compliance achievements
• Evaluation of employees before hiring
• Continuous training
• Continuous, open and adequate communication
• Visible recognition of the achievements of compliance management
• Ethical leadership. "Tone at the top"
• As a person's hierarchical responsibility in an organization increases, so do their visibility and their ability to influence the behavior of others.
b. Compliance Culture
• The behavior of the members of Senior Management shapes the behavior of the rest of the individuals who make up the organization: visible, consistent and sustained commitment over time to a common standard of behavior
• The business culture must be an element that positively influences the behavior and attitude of all
those who make up the organization: culture of compliance
Change the perception of detection and punishment
Reduce / eliminate behavior bias
Improve the role of moral considerations
Improve culture (eliminate undue environmental influences / group pressure)
• Application of fast and proportionate disciplinary measures
• Consistency in treatment regardless of position
• Clear criminal compliance policy
• Compensation systems that assess achievement of criminal compliance objectives
• An appropriate initiation or orientation program that emphasizes criminal compliance and the values
of the organization
• Tone at the top (respect and application from above)
• Recognition of achievements in compliance
• Continuous, open and adequate communication
The SGCP: Context and Planning
cc: jaumescar - https://www.flickr.com/photos/28842017@N00
c. The SGCP - Context
• The SGCP must be appropriate to the circumstances of the organization in which it operates.
• Chapter 4 deals with the related aspects (designing the management system, maintaining it, and continuous improvement).
• Understand the organization and its context
• Understand the needs and expectations of stakeholders
• Determine the scope of the SGCP