
SG-01 Policy and Standard Review

>Control Description

Organization's policies and standards are periodically reviewed, approved by management, and communicated to Organization personnel.

Theme: Process

Type: Preventive

Policy/Standard: Information Security Management Standard

>Implementation Guidance

1. Ensure that the organization's policies and standards are well-defined, documented, and communicated to relevant personnel.
2. Ensure that these policies and standards are reviewed periodically and are approved by management.

>Testing Procedure

1. Inspect the organization's policy to determine whether requirements for periodic reviews, management approval, and communication of policies and standards are defined.
2. Inspect a sample of the organization's policies and standards to determine whether they are documented, periodically reviewed, and approved by management.
3. Inspect the corporate intranet or email communication sent to employees that validates these policies are communicated within the organization.

>Audit Artifacts

E-SG-01
E-SG-02
E-SG-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
