ANSI - NCITS/ISO/IEC 27014
Information security, cybersecurity and privacy protection - Governance of information security
| Organization: | ANSI |
| Publication Date: | 1 January 2020 |
| Status: | active |
| Page Count: | 24 |
scope:
This Recommendation | International Standard provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization.
The intended audience for this document is:
• governing body and top management;
• those who are responsible for evaluating, directing and monitoring an information security management system (ISMS) based on ISO/IEC 27001;
• those responsible for information security management that takes place outside the scope of an ISMS based on ISO/IEC 27001, but within the scope of governance.
This Recommendation | International Standard is applicable to all types and sizes of organizations.
All references to an ISMS in this document apply to an ISMS based on ISO/IEC 27001.
This Recommendation | International Standard focuses on the three types of ISMS organizations given in Annex B. However, it can also be used by other types of organizations.
Document History
