Title: Information Security Objectives Template
Document ID: [GOV-OBJECTIVES-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Information Security Objectives Template

## Purpose

This template provides a standard structure for defining, approving, monitoring, and reviewing BlackDice's information security objectives.

## Scope

This template applies to information security objectives established under the ISMS, including organisation-wide objectives and targeted objectives for specific functions, risks, or improvement programmes.

## Data Fields / Expected Columns

Each objective record should include:

- objective statement
- rationale or linked risk/business need
- measure or indicator
- target value or expected outcome
- owner
- reporting frequency
- target date
- current status
- notes on blockers, assumptions, or dependencies

## Ownership

The objectives register should be owned by [Role]. Individual objectives should have named owners responsible for delivery, measurement, and reporting.

## Update Frequency

Objectives should be reviewed at planned intervals defined by management and at least during formal management review. High-priority objectives may require monthly or quarterly reporting depending on risk and operational impact.

## Retention

Current and superseded objective records should be retained in line with document and records retention requirements so that performance trends and evidence of review can be demonstrated.

## Template Table

| Objective | Rationale / Linked Risk | Measure | Target | Owner | Reporting Frequency | Target Date | Status | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [Objective statement] | [Risk, issue, or requirement] | [KPI / metric] | [Target] | [Role] | [Frequency] | [DD Month YYYY] | [Open / On Track / At Risk / Closed] | [Notes] |

## Example Objective Types

Objectives may relate to:

- reduction of high-risk findings
- improvement of incident response performance
- access review completion
- vulnerability remediation timeliness
- backup or recovery testing performance
- supplier assurance coverage
- awareness and training completion

## Related Documents

- Information Security Policy
- ISMS Manual
- Risk Assessment and Treatment Methodology
- Management Review Procedure