Governance

ISO 27001 Annex A 5.4 Management Responsibilities is a security control that requires senior leadership to mandate information security policy