Security policies detail the controls that must be implemented, monitored, reviewed and improved, and are aligned with international frameworks and standards such as ISO 27001 and NIST (National Institute of Standards and Technology).
All the documents are reviewed and updated as a result of a cycle of continuous improvement. In these reviews, account is taken of periodic measurements and audits of security activities, changes in context and newlyidentified risks.