
ISO27001 – Control 5.5 – Contact with Authorities

April 8th, 2024 (2024-05-16T11:52:17+01:00) | Information Security, ISO 27001 Controls

Control: The organization should establish and maintain contact with relevant authorities.

What this means: The aim of this control is to ensure an open dialogue with regard to information security and incidents between the organisation and relevant legal, regulatory, and supervisory authorities.

This means the organization should:
- Identify the proper authorities to contact about information security issues. This could include law enforcement, regulatory agencies, supervisory bodies, etc.
- List the proper authorities, usually in your interested parties policy.
- Decide [...]

ISO27001 – Control 5.4 – Management Responsibilities

March 12th, 2024 (2024-03-11T12:09:45+00:00) | Information Security, ISO 27001 Controls

Control: Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organisation.

What this means: For an organisation to effectively protect its information assets, it's not enough to just have security policies and procedures in place. The employees and personnel who handle that information daily need to be aware of the policies and diligent about following them. But ensuring this level of security awareness and [...]
