This list of controls, with links to the document or section where each control is satisfied, corresponds to Annex A of ISO 27001:2013.
### A.5.1 - Management direction for information security
Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
ISO 27001 Ref | Section | Control Objective | Description or Link to policy/process document. |
---|---|---|---|
A.5.1.1 | Policies for information security | A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties | information-security-policy.md |
A.5.1.2 | Review of the policies for information security | The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness. | information-security-policy.md#Policy-Review |
### A.6.1 - Internal organization
Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organization.
ISO 27001 Ref | Section | Control Objective | Description or Link to policy/process document. |
---|---|---|---|
A.6.1.1 | Information security roles and responsibilities | All information security responsibilities shall be defined and allocated. | #A.6-Roles-and-Responsibilities |
A.6.1.2 | Segregation of duties | Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets. | link |
ISO 27001 Ref | Section | Control Objective | Description or Link to policy/process document. |
---|---|---|---|
xyz | title | desc | link |