IVI Framework Viewer

Governance

Establishes the oversight structures to support the execution of information security management.

Capability Building Blocks

A1Information Security Strategy
Develop, communicate, and support the organization’s information security objectives.
A2Security Policies and Controls
Establish and maintain security policies and controls, taking into account relevant security standards, regulatory and legislative security requirements, and the organization’s security objectives.
A3Security Roles, Responsibilities, and Accountabilities
Establish responsibilities and accountabilities for information security roles, and check enforcement.
A4Communication and Training
Disseminate security approaches, policies, and other relevant information to develop security awareness and skills.
A5Security Performance Reporting
Report on the effectiveness and efficiency of information security policies and activities, and the level of compliance with them.
A6Supplier Security
Define security requirements pertaining to the procurement and supply of hardware, software, services, and data.