Security Policy
Description
An information security policy is documented and maintained.
⚠️ Risk Impact
A policy that exists on paper but is not followed in practice fails a KISA audit.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
Maintain a written policy that is approved by leadership, reviewed annually, and acknowledged by staff.
💀 Real-World Attack Scenario
A Korean company's security policy was 8 years old and referenced retired systems. The resulting KISA finding required an emergency policy refresh.
💰 Cost of Non-Compliance
Policy non-conformity: 1-2 weeks of remediation.
📋 Audit Questions
1. Current policy?
2. Last review?
3. Staff acknowledgement rate?
⚡ Common Pitfalls
- ⛔ Stale policy
- ⛔ Annual review skipped
- ⛔ Low acknowledgement
📈 Business Value
A living policy is foundational to ISMS-P.
⏱️ Effort Estimate
Annual review
EchelonGraph tracks acknowledgement via IdP/HRIS
🔗 Cross-Framework References
Automate ISMS-P ISMS-2.1 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.