Julkri: TL IV-I
HAL-01: Principles

How to fill the requirement
Task: Defining and documenting security objectives
Theme: Risk management and leadership
Policy: Cyber security management

Task is fulfilling also these other security requirements:

  • 5.1.1: Policies for information security (ISO27 Full)
  • ID.BE-3: Organizational mission, objectives, and activities (NIST)
  • ID.GV-1: Cybersecurity policy (NIST)
  • HAL-01: Principles (Julkri)
  • 5.1: Leadership and commitment (ISO27k1 Full)
1. Task description

The organization's top management sets the security objectives. The security objectives meet the following requirements:

  • they take into account the applicable data security and data protection requirements and the results of risk assessment and treatment
  • they are clearly communicated to key security and data protection personnel, staff and other relevant stakeholders
  • they are updated as necessary (e.g. when the risk landscape changes, or periodically when the objectives are met)
  • they are documented and, where possible, measurable

When the security objectives are documented, the organization also defines the top-level improvements and tasks needed to achieve them, the required resources, the responsible persons, the due dates and the methods for evaluating the results.

Task: Information security policy report: publishing, informing and maintenance
Theme: Risk management and leadership
Policy: Cyber security management

Task is fulfilling also these other security requirements:

  • T01: Security principles (Katakri)
  • 8.1: Operational planning and control (ISO27k1 Full)
  • 5.1.2: Review of the policies for information security (ISO27 Full)
  • 5: Information security policies (ISO27 Full)
  • 5.1: Management direction for information security (ISO27 Full)
1. Task description

The organization has an information security policy developed and approved by top management. The policy shall include at least the following:

  • the basis for setting the organization’s security objectives
  • commitment to meeting information security requirements
  • commitment to continuous improvement of the information security management system

In addition, the task owner shall ensure that:

  • the policy is appropriate for the organization's business idea
  • the policy is communicated to the entire organization
  • the policy is available to stakeholders as appropriate

Task: Management commitment to cyber security management and management system
Theme: Risk management and leadership
Policy: Cyber security management

Task is fulfilling also these other security requirements:

  • 24. Responsibility of the controller (GDPR)
  • 7.2.1: Management responsibilities (ISO27 Full)
  • 7.2.2: Information security awareness, education and training (ISO27 Full)
  • 5.1.1: Policies for information security (ISO27 Full)
  • ID.GV-1: Cybersecurity policy (NIST)
1. Task description

The organization's top management must demonstrate a commitment to cyber security work and the management system. Management commits to:

  • defining the frameworks or other requirements that form the basis for work (e.g. customer promises, regulations or certificates)
  • determining the resources needed to manage security
  • communicating the importance of cyber security
  • ensuring that the work achieves the desired results
  • promoting the continuous improvement of cyber security

Top management also decides the scope of the information security management system and records the decision in the description of the system. This means, for example, deciding whether some parts of the organization's activities or information are excluded from the scope of the management system, or whether it applies to all information and activities of the organization.

Task: Formal adoption of security policies
Theme: Personnel security
Policy: Cyber security in contracts

Task is fulfilling also these other security requirements:

  • 7.2.2: Information security awareness, education and training (ISO27 Full)
  • 5.1.1: Policies for information security (ISO27 Full)
  • HAL-01: Principles (Julkri)
  • 5.1: Policies for information security (ISO27k1 Full)
1. Task description

The employees of the organization accept, with their signatures, the general information security policy drawn up by management. The policy may refer to a number of more specific security guidelines.
