The following is a sample information security policy statement.
The objective of information security is to ensure the business continuity of Organization X and to minimize the riskof damage by preventing security incidents and reducing their potential impact.
• The policy’s goal is to protect the organization’s informational assets against all internal,external, deliberate or accidental threats.
• The Chief Executive Officer must approve the information security policy
• The security policy ensures that:
o Information will beprotected against any unauthorized access;
o Confidentiality of information will be assured;
o Integrity of information will be maintained;
o Availability of information forbusiness processes will be maintained;
o Legislative and regulatory requirements will met;
o Business continuity plans will be developed, maintained and tested;
o Informationsecurity training will be available for all employees;
o All actual or suspected information security breaches will be reported to the Information Security Manager and will be thoroughlyinvestigated.
• Procedures exist to support the policy, including virus control measures, passwords and continuity plans.
• Business requirements for availability of information and systemswill be met.
• The Information Security Manager is responsible for maintaining the policy and providing support and advice during its implementation.
• All managers are directly responsiblefor implementing the policy and ensuring staff compliance in their respective departments.
• Compliance with the Information Security Policy is mandatory.
|Signature || |Date | |
| | | |...
Leer documento completo
Regístrate para leer el documento completo.