INF006
Your framework must:
- be appropriate to the level of security risk in your information environment
- be consistent with your business needs and legal obligations
- integrate with any other frameworks governing your organisation’s security.
Your framework should also cover how you’ll ensure that your organisation:
- understands and follows security policies and processes
- is alerted to changes to systems, risks, or standards
- marks, accesses, and declassifies protected information correctly
- manages and controls access to information.
Examples of best practice frameworks include: