B1. Service protection policies and processes


The organisation defines, implements, communicates and enforces appropriate policies and processes that direct its overall approach to securing systems and data that support delivery of essential services.


The organisation’s approach to securing network and information systems that support essential services should be defined in a set of comprehensive security policies with associated processes. It is essential that these policies and processes are more than just…

Read more here:: NCSC Guidance