Sample Information Security Policy Statement

1) Objective

The objective of information security is to ensure the business continuity of <COMPANY> and to minimize the risk of damage by preventing security incidents and reducing their potential impact.

2) Policy

  1. The policy’s goal is to protect <COMPANY>’s information assets[1] against all internal, external, deliberate or accidental threats.
  2. The CEO/MD or authorized signatory of the organization has approved the information security policy.
  3. The security policy ensures that:
    1. Information will be protected against any unauthorized access
    2. Confidentiality of information will be assured
    3. Integrity of the information will be maintained
    4. Availability of information for business processes will be maintained
    5. Legislative and regulatory requirements will be met
    6. Business continuity plans will be developed, maintained and tested
    7. Information security training will be available for all employees
    8. All actual or suspected information security breaches will be reported to the ISMS[2] manager and will be thoroughly investigated
    9. Procedures exist to support the policy, including virus control measures, passwords and continuity plans
    10. Business requirements for availability of information and systems are met
    11. The information security manager is responsible for maintaining the policy and providing support and advice during its implementation
    12. All managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments
    13. Compliance with the information security policy is mandatory

Signature __________________________

Name _____________________________

Date ______________________________

Title _______________________________

This policy will be reviewed yearly by the ISMS Manager.


[1] Information can exist in various forms, and includes data stored on computers, transmitted over networks, printed or written on paper, sent by fax, stored on media or discussed during telephone conversations.

[2] The ISMS Manager is the IT Security Officer.
