The policies for information security apply primarily to unit leaders or other staff with responsibility for an area/a task in connection with which confidential and/or sensitive information is processed or stored.
References in parentheses refer to controls in the ISO 27001 standard.
ISO-27001 is undergoing a revision with a new structureand division of requirements, which are now divided into 4 general categories:
Existing requirement are being consolidated into to new policies, some requirements are being deleted, while new requirements have been added. Therefore, the policies will be updated to align with the structure of the revised ISO-27001 standard, including the numbering in parentheses, which is a reference to the ISO-standard itself.