Adopting a framework to manage information security

Your organisation should establish a framework to direct and coordinate the management of your information security.

INF006

Your framework must:

  • be appropriate to the level of security risk in your information environment
  • be consistent with your business needs and legal obligations
  • integrate with any other frameworks governing your organisation’s security.

Your framework should also cover how you’ll ensure that your organisation:

  • understands and follows security policies and processes
  • is alerted to changes to systems, risks, or standards
  • marks, accesses, and declassifies protected information correctly
  • manages and controls access to information.

Examples of best practice frameworks include: