Initial commit
70
00-governance/information-security-objectives-template.md
Normal file
@@ -0,0 +1,70 @@
Title: Information Security Objectives Template
Document ID: [GOV-OBJECTIVES-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Information Security Objectives Template
## Purpose
This template provides a standard structure for defining, approving, monitoring, and reviewing BlackDice's information security objectives.
## Scope
This template applies to information security objectives established under the ISMS, including organisation-wide objectives and targeted objectives for specific functions, risks, or improvement programmes.
## Data Fields / Expected Columns
Each objective record should include:
- objective statement
- rationale or linked risk/business need
- measure or indicator
- target value or expected outcome
- owner
- reporting frequency
- target date
- current status
- notes on blockers, assumptions, or dependencies
## Ownership
The objectives register should be owned by [Role]. Individual objectives should have named owners responsible for delivery, measurement, and reporting.
## Update Frequency
Objectives should be reviewed at planned intervals defined by management and at least during formal management review. High-priority objectives may require monthly or quarterly reporting depending on risk and operational impact.
## Retention
Current and superseded objective records should be retained in line with document and records retention requirements so that performance trends and evidence of review can be demonstrated.
## Template Table
| Objective | Rationale / Linked Risk | Measure | Target | Owner | Reporting Frequency | Target Date | Status | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [Objective statement] | [Risk, issue, or requirement] | [KPI / metric] | [Target] | [Role] | [Frequency] | [DD Month YYYY] | [Open / On Track / At Risk / Closed] | [Notes] |
## Example Objective Types
Objectives may relate to:
- reduction of high-risk findings
- improvement of incident response performance
- access review completion
- vulnerability remediation timeliness
- backup or recovery testing performance
- supplier assurance coverage
- awareness and training completion
## Related Documents
- Information Security Policy
- ISMS Manual
- Risk Assessment and Treatment Methodology
- Management Review Procedure
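Review bot: The Ownership section still reads "owned by [Role]" although the header already names the CISO as document Owner, so the register has no accountable owner as written; fill the placeholder with the same role or say explicitly that the register owner differs from the document owner. The Retention section expects "performance trends and evidence of review" to be demonstrable, but neither the field list nor the Template Table has a column for the measured value or the date of last review, so a record only carries Target and Status; consider adding "Current Value" and "Last Reviewed" columns. The header also puts personal names next to the roles while the rest of the template uses role placeholders, which will go stale when the post holders change.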