last sync: 2024-Sep-18 17:50:24 UTC

Define performance metrics | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Define performance metrics
Id 39999038-9ef1-602a-158c-ce2367185230
Version 1.1.0
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Description CMA_0124 - Define performance metrics
Additional metadata Name/Id: CMA_0124 / CMA_0124
Category: Operational
Title: Define performance metrics
Ownership: Customer
Description: Microsoft recommends that your organization identify performance metrics for organizational processes, activities, and structures including organizational personnel. It is recommended that your organization measure and track these metrics over time in order to drive performance goals.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual
Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Define performance metrics' (39999038-9ef1-602a-158c-ce2367185230)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership Leadership and commitment Shared n/a Top management shall demonstrate leadership and commitment with respect to the information security management system by: e) ensuring that the information security management system achieves its intended outcome(s). link 3
ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership Leadership and commitment Shared n/a Top management shall demonstrate leadership and commitment with respect to the information security management system by: g) promoting continual improvement. link 3
ISO27001-2013 C.5.3.b ISO27001-2013_C.5.3.b ISO 27001:2013 C.5.3.b Leadership Organizational roles, responsibilities and authorities Shared n/a Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated. Top management shall assign the responsibility and authority for: b) reporting on the performance of the information security management system to top management. NOTE Top management may also assign responsibilities and authorities for reporting performance of the information security management system within the organization. link 2
ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Performance Evaluation Management review Shared n/a Top management shall review the organization’s information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of: c) feedback on the information security performance, including trends in: - 1) nonconformities and corrective actions. The outputs of the management review shall include decisions related to continual improvement opportunities and any needs for changes to the information security management system. The organization shall retain documented information as evidence of the results of management reviews. link 6
ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Performance Evaluation Management review Shared n/a Top management shall review the organization’s information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of: c) feedback on the information security performance, including trends in: - 3) audit results. The outputs of the management review shall include decisions related to continual improvement opportunities and any needs for changes to the information security management system. The organization shall retain documented information as evidence of the results of management reviews. link 4
ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Performance Evaluation Management review Shared n/a Top management shall review the organization’s information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of: c) feedback on the information security performance, including trends in: - 4) fulfilment of information security objectives; The outputs of the management review shall include decisions related to continual improvement opportunities and any needs for changes to the information security management system. The organization shall retain documented information as evidence of the results of management reviews. link 4
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 39999038-9ef1-602a-158c-ce2367185230