Title: Information Security Objectives Template
Document ID: [GOV-OBJECTIVES-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Information Security Objectives Template

## Purpose

This template provides a standard structure for defining, approving, monitoring, and reviewing BlackDice's information security objectives.

## Scope

This template applies to information security objectives established under the ISMS, including organisation-wide objectives and targeted objectives for specific functions, risks, or improvement programmes.

## Data Fields / Expected Columns

Each objective record should include:

- objective statement
- rationale or linked risk/business need
- measure or indicator
- target value or expected outcome
- owner
- reporting frequency
- target date
- current status
- notes on blockers, assumptions, or dependencies

## Ownership

The objectives register should be owned by [Role]. Individual objectives should have named owners responsible for delivery, measurement, and reporting.

## Update Frequency

Objectives should be reviewed at planned intervals defined by management and at least during formal management review. High-priority objectives may require monthly or quarterly reporting depending on risk and operational impact.

## Retention

Current and superseded objective records should be retained in line with document and records retention requirements so that performance trends and evidence of review can be demonstrated.

## Template Table

| Objective | Rationale / Linked Risk | Measure | Target | Owner | Reporting Frequency | Target Date | Status | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [Objective statement] | [Risk, issue, or requirement] | [KPI / metric] | [Target] | [Role] | [Frequency] | [DD Month YYYY] | [Open / On Track / At Risk / Closed] | [Notes] |

## Example Objective Types

Objectives may relate to:

- reduction of high-risk findings
- improvement of incident response performance
- access review completion
- vulnerability remediation timeliness
- backup or recovery testing performance
- supplier assurance coverage
- awareness and training completion

## Related Documents

- Information Security Policy
- ISMS Manual
- Risk Assessment and Treatment Methodology
- Management Review Procedure