M5.3.1 - COMPLIANCE WITH SECURITY POLICIES AND STANDARDS Implementation Guidance
The entity’s managers shall ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.
Managers should regularly review the compliance of information processing within their area of responsibility with the appropriate security policies, standards, and any other security requirements.
If any non-compliance is found as a result of the review, managers should:
- A. Determine the causes of the non-compliance
- B. Evaluate the need for actions to ensure that the non-compliance does not recur
- C. Determine and implement appropriate corrective action
- D. Review the corrective action taken
Results of reviews and corrective actions carried out by managers should be recorded, and these records should be maintained. Managers should report the results to the persons carrying out the independent reviews when the independent review takes place in the area of their responsibility.