Provide management direction and support for information security.
Defines corporate objectives for information
2. IT security organisation & 3rd party connections
Manage information security within the company.
Maintain the security of organizational information processing facilities and information assets accessed by 3rd parties (suppliers, partners, customers).
Maintain the security of information when the responsibility for information processing has been outsourced to another organization.
3. Assets classification and control
Determine and maintain appropriate protection of corporate assets.
4. Personnel security
Reduce risks of human error, theft, fraud or misuse of facilities.
Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work.
Minimise the damage from security incidents and malfunctions and learn from such incidents.
5. Physical & environmental security
Prevent unauthorised access, damage and interference to business premises and information.
Prevent loss, damage or compromise of assets and interruption to business activities.
Prevent compromise or theft of information and information processing facilities.
6. Computer & network management
Ensure the correct and secure operation of information processing facilities.
Minimise the risk of systems failures.
Protect the integrity of software and information.
Maintain the integrity and availability of information processing and communications.
Ensure the safeguarding of information in networks and the protection of the supporting infrastructure.
Prevent damage to assets and interruptions to business activities.
Prevent loss, modification or misuse of information exchanged between organizations.
7. System access control
Control access to information.
Prevent unauthorised access to information systems.
Ensure the protection of networked services.
Prevent unauthorized computer access.
Detect unauthorised activities.
Ensure information security when using mobile computing and tele-networking facilities.
8. System development & maintenance
Ensure security is built into operational systems.
Prevent loss, modification or misuse of user data in application systems.
Protect the confidentiality, authenticity and integrity of information.
Ensure IT projects and support activities are conducted in a secure manner.
Maintain the security of application system software and data.
9. Business continuity planning
Counteract or prevent interruptions to business activities and to critical business processes from the effects of major failures or disasters.
10. Compliance
Avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements.
Ensure systems security parameters, operating procedures etc. comply with organisational security policies and standards.
Maximize the effectiveness of, and minimize interference to/from, the system audit process.