What document reflects executive management's support for security measures?

The corporate information security policy statement is a foundational document that articulates the organization's commitment to information security and reflects executive management’s support for security measures. This statement typically outlines the principles, guidelines, and expectations regarding how the organization will manage and protect its information assets.

By formalizing the approach to information security in this document, executive management demonstrates its support not just in words but through a structured framework that employees and stakeholders can reference. The policy statement often incorporates the organizational goals, compliance requirements, and sets the tone for the security culture within the organization. This alignment is crucial for ensuring that security measures are prioritized and effectively implemented across all levels of the organization.

Other documents like risk assessment reports, outsourcing agreements, and audit reports focus on specific aspects of security management but do not necessarily communicate executive backing for the overall security strategy in the same way the corporate information security policy statement does.