Organisational-level security documentation is approved by the Chief Information Security Officer while system-specific security documentation is approved by the system’s authorising officer.
Topic
Approval of security documentation
Applicable to
all
History
Priority
should
May 2019
Organisational-level security documentation is approved by the Chief Information Security Officer while system-specific security documentation is approved by the system’s authorising officer.
Security control 0047 was modified to include organisational-level security documentation within its scope.
Apr 2019
Security documentation for a system is approved by the system’s authorising officer.
2015
All information security documentation should be formally approved by a person with anappropriate level of seniority and authority.
2010
All information security documentation should be formally approved by the CISO or their delegate.
2008
All ICT security documentation should be formally approved and signed off by an appropriate person.