T3.1.1 - OPERATIONS MANAGEMENT POLICY Implementation Guidance
The entity shall establish an operations management policy.
Back to T3.1.1 - P4 - OPERATIONS MANAGEMENT POLICY
The operations management policy defines and documents operational standards and procedures across the IT lifecycle (planning, design, implementation, operations, and maintenance) necessary to maximize information security. The policy can, for example, contain:
- A. Scope of the policy
- B. Segregation of duties
- C. Configuration management
- D. Change request
- E. Quality management
- F. Backup procedures
- G. Monitoring procedures
The operations management policy can be included as part of the general information security policy, in a single policy document, or can be represented by multiple policies reflecting the complex nature of certain entities.
