The Information Security Management System must essentially ensure the preservation of the confidentiality, integrity and availability of all information assets and physical and electronic property of its customers, employees, business partners and other parties concerned.
The information security goals must be in accordance with contractual and legal obligations, the return on assets, the state of technology and the existing organizational criteria.
It must implement risk management with risk assessment criteria aligned with the strategy of the organization and approved by the Managing Direction.
It must apply the principles of continuous improvement in risk reduction, processes and implementation of controls, putting prevention before correction.
The policy should be known and complied with by all staff working in and for the organization and by interested parties (third parties or clients) that may affect information security, regardless of rank or organizational.