ISMS/00-governance/information-security-objectives-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00
Title: Information Security Objectives Template
Document ID: [GOV-OBJECTIVES-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Information Security Objectives Template

Purpose

This template provides a standard structure for defining, approving, monitoring, and reviewing BlackDice's information security objectives.

Scope

This template applies to information security objectives established under the ISMS, including organisation-wide objectives and targeted objectives for specific functions, risks, or improvement programmes.

Data Fields / Expected Columns

Each objective record should include:

  • objective statement
  • rationale or linked risk/business need
  • measure or indicator
  • target value or expected outcome
  • owner
  • reporting frequency
  • target date
  • current status
  • notes on blockers, assumptions, or dependencies

Ownership

The objectives register should be owned by [Role]. Individual objectives should have named owners responsible for delivery, measurement, and reporting.

Update Frequency

Objectives should be reviewed at planned intervals defined by management and at least during formal management review. High-priority objectives may require monthly or quarterly reporting depending on risk and operational impact.

Retention

Current and superseded objective records should be retained in line with document and records retention requirements so that performance trends and evidence of review can be demonstrated.

Template Table

| Objective | Rationale / Linked Risk | Measure | Target | Owner | Reporting Frequency | Target Date | Status | Notes |
|---|---|---|---|---|---|---|---|---|
| [Objective statement] | [Risk, issue, or requirement] | [KPI / metric] | [Target] | [Role] | [Frequency] | [DD Month YYYY] | [Open / On Track / At Risk / Closed] | [Notes] |

Example Objective Types

Objectives may relate to:

  • reduction of high-risk findings
  • improvement of incident response performance
  • access review completion
  • vulnerability remediation timeliness
  • backup or recovery testing performance
  • supplier assurance coverage
  • awareness and training completion

Related Documents

  • Information Security Policy
  • ISMS Manual
  • Risk Assessment and Treatment Methodology
  • Management Review Procedure