Cyber Security Policy Manual

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) POLICY

PURPOSE

Define the principles by which the City of Greensboro will maintain compliance with ISO/IEC 27001:2013, the international security standard for information security management. ISO/IEC 27001:2013 provides requirements for implementing, reviewing and continuously improving an Information Security Management System (ISMS) to protect systems and information from threats and cyber-attacks and ensure compliance with laws and regulations.

SCOPE

This manual applies to:

1) All Information Technology assets leased, owned and operated by the City of Greensboro
2) All data stored, processed and transmitted by City of Greensboro systems and applications
3) All City of Greensboro employees, contractors, and consultants

ROLES AND RESPONSIBILITIES

Function: Chief Information Officer
Responsibility: Support efforts to ensure that proper security controls are implemented to comply with ISO/IEC 27001:2013 requirements

Function: Cyber Security Team
Responsibility:
- Provide strategic direction and information security management to ensure that information security controls are defined and implemented in accordance with ISO/IEC 27001:2013 requirements
- Communicate risks and mitigation recommendations to City management team
- Implement and manage security controls to protect City of Greensboro systems and information and comply with laws and regulations

Function: All employees, contractors, and consultants
Responsibility: Adhere to all security policies and controls that have been implemented to protect City of Greensboro systems and information and comply with laws and regulations
