GRM-09: Policy Reviews

CSF v1.1 References:

PF v1.0 References:

Next Version:

Control Statement

The organization’s business leadership (or other accountable business role or function) shall review the information security policy at planned intervals or as a result of changes to the organization to ensure its continuing alignment with the security strategy, effectiveness, accuracy, relevance, and applicability to legal, statutory, or regulatory compliance obligations.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.