History
- Priority: should
- Nov 2018
  - Removed
  - Removed to ensure a focus on system-specific security documentation.
- 2017
  - The ISP should describe information security policies, standards and responsibilities.
- 2015
  - The ISP should describe information security policies, standards and responsibilities.
- 2010
  - The information security policy should describe information security policies, standards and responsibilities.
- 2008
  - An ICTSP should describe the ICT security policies, standards and responsibilities of an agency and set any specific minimum requirements, which will then feed into the development of SRMPs.