Is this policy reviewed and updated on at least an annual basis or following system/ Organizational changes?
Are these policies aligned with the business requirements?
Are all policies approved by management giving intent and commitment towards Information Security Management systems?
Are policies properly communicated to employees and other relevant external parties?
Do all of the Organization’s policies get reviewed at planned intervals?
A.5.1.2 Review of the policies for information securityAre reviews conducted when there is significant change to ensure their continuing suitability, adequacy and effectiveness?
A.5.1.1 Policies for Information SecurityHas the Organization defined all the policies for Information/ Cyber Security?