ISO/IEC 27001 Control 5.1: Policies for information security


Information security policy and topic-specific policies should be defined, approved by management, published, communicated to and acknowledged by relevant personnel and relevant interested parties, and reviewed at planned intervals and if significant changes occur.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint can provide essential data for definition and maintenance of security policies.

Implementation Details

MidPoint reporting can be used to extract information from identity data (identity analytics). Simulation capabilities can be used to predict the effect of proposed policies, especially for topic-specific policies. Dashboards can be used to keep track of application, enforcement and violations of the policies.

Was this page helpful?
Thanks for your feedback