Management must support policies, protocols, and controls for information security. Ensure personnel are briefed on roles and obligations, guidelines, policy compliance, awareness, and qualifications. Enforce employment terms and conditions. Provide confidential reporting channels and adequate resources for security processes and controls.
Conformance1
Tools for conforming to standards, goals and processes
