Communicating Information Security Objectives

Subject: [Important] 20[23] Information and Cyber Security Objectives

Hi Team!

As you all know, we are working on [obtaining/maintaining] our ISO 27001 certification and as part of the process we are setting information and cyber security objectives. These objectives have been agreed by the senior management team and have our full support. We will track our progress against those objectives and review them in [monthly/quarterly/bi-annual] security management meetings.

This is an important investment of time, we manage sensitive client information and do not want the trust we have built up with clients to be lost due to a cyber incident that could have been avoided.

The 20[23] objectives are as follows:

[Add / delete to reflect the objectives you have set]

1. Complete a detailed Information security risk assessment

2. Implement an effective information security management system

3. Staff are educated about cyber security and data protection

4. Achieve ISO 27001 certification

Please support our efforts in meeting these objectives, it will require an investment of time from every member of the organisation.

Regards

[CEO]