Activity: Produce and Maintain Security Policy

This activity creates the overall statement of the aims and objectives for the security that is to be established and operated in relation to IT services and resources, and maintains its currency as circumstances change for both the IT service provider and its customer set. It works within the limits set for the security policy of the parent business, modifying or extending its coverage to include aspects specific to information technology.