The new version of ISO 27001 no longer distinguishes between "Information security policies" and "ISMS policies"; only "Information security policies" is retained.
The requirements of the standard relating to "Information security policies" are as follows:
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the information security management system by:
a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;
5.2 Policy
Top management shall establish an information security policy that:
a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security; and
d) includes a commitment to continual improvement of the information security management system.