Mandatory components that must be embedded in each Board-level Information Security Policy/Objectives document and own information security management system (ISMS) so that the risks relating to the confidentiality, integrity and availability of information are managed.