Should an organisation have one single information security policy even if there are different organisation approvals (OAs) under its umbrella?
Should an organisation have one single information security policy even if there are different organisation approvals (OAs) under its umbrella?
Answer
An organisation is free to choose to have a single information security policy covering all OAs or a different information security policy per OA.
Last updated
22/08/2025