Security documentation is reviewed at least annually and includes a ‘current as at [date]’ or equivalent statement.
Topic
Maintenance of security documentation
Applicable to
all
History
Priority
recommended
May 2019
Security documentation is reviewed at least annually and includes a ‘current as at [date]’ or equivalent statement.
Security control 0888 was modified to include organisational-level security documentation within its scope.
Apr 2019
Security documentation for a system is reviewed at least annually and includes a ‘current as at [date]’ or equivalent statement.
2015
Agencies should review information security documentation:• at least annually• in response to significant changes in the environment, business or system.
2010
It is recommended agencies review information security documentation:• at least annually• in response to significant changes in the environment, business or system.