Iso 27000

Páginas: 2 (288 palabras) Publicado: 1 de junio de 2010
The following is a sample information security policy statement.


The objective of information security is to ensure the business continuity of Organization X and to minimize the riskof damage by preventing security incidents and reducing their potential impact.


• The policy’s goal is to protect the organization’s informational assets[1] against all internal,external, deliberate or accidental threats.

• The Chief Executive Officer must approve the information security policy

• The security policy ensures that:

o Information will beprotected against any unauthorized access;

o Confidentiality of information will be assured;

o Integrity of information will be maintained;

o Availability of information forbusiness processes will be maintained;

o Legislative and regulatory requirements will met;

o Business continuity plans will be developed, maintained and tested[2];

o Informationsecurity training will be available for all employees;

o All actual or suspected information security breaches will be reported to the Information Security Manager and will be thoroughlyinvestigated.

• Procedures exist to support the policy, including virus control measures, passwords and continuity plans.

• Business requirements for availability of information and systemswill be met.

• The Information Security Manager is responsible for maintaining the policy and providing support and advice during its implementation.

• All managers are directly responsiblefor implementing the policy and ensuring staff compliance in their respective departments.

• Compliance with the Information Security Policy is mandatory.

|Signature || |Date  | |
| | | |...
Leer documento completo

Regístrate para leer el documento completo.

Estos documentos también te pueden resultar útiles

  • ISO 27000
  • ISO 27000
  • Iso 27000
  • Iso 27000
  • Iso 27000
  • ISO 27000
  • Iso 27000
  • Iso 27000

Conviértase en miembro formal de Buenas Tareas