Professional Documents
Culture Documents
1. Does your organization review the security policies which are in place after nuisance
testing or performance failure? If so, how are these policies adjusted?
In my organization, usually we are reviewed our policies at least once a year but there are
major business changes as example when new business requirements come, we will made
sure that the changes can include with complying with the new global laws, new
management and also adapting new technologies. After all, the security policies and
procedures can minimize the risk. Typically, policies will need to be changed much less
frequently than procedures. In other words, major changes such as new management or
new equipment may necessitate a change at the policy level as well.
2. Does the organization subscribe to the ISO international standard on security? If
not Why?