IT Security Policy Template

IT Security Policy – Template 2

This IT Security Policy has been developed to protect all systems within the Company to an adequate level from events which may jeopardize company activity. These events will include accidents as well as behavior deliberately designed to cause difficulties.

Company will seek to ensure that the confidentiality, integrity and availability of its information are maintained by implementing best practice to minimize risk.

The data stored in manual and electronic systems used by the Company represent an extremely valuable asset. The increasing reliance on information technology for the delivery of IT service makes it necessary to ensure that these systems are developed, operated, used and maintained in a safe and secure fashion in addition to paper based records. The increasing need to transmit information across networks of computers renders the data more vulnerable to accidental or deliberates unauthorized modification or disclosure.

Objectives:

a. to ensure each member of user has a proper awareness and concern for computer systems security and an adequate appreciation of their responsibility for information security;

b. to ensure all contractors and their employees have a proper awareness and concern for security of Company information;

c. to provide a framework giving guidance for the establishment of standards, procedures and computer facilities for implementing computer systems security;

d. to meet the general objectives of ISO27001 Code of Practice for Information Systems Security;

e. to specify Company responsibilities;

f. to ensure all users have an awareness of the legal documents their implications;

g. to ensure that all users are aware of their accountability and that they are aware that failure to comply with the Information Security Policy is a disciplinary offence which may include action up to

h. Any action taken will conform to the appropriate Company’s Human Resource policies.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCEPTABLE USE
4. SECURITY MANAGEMENT AND RESPONSIBILITIES
4.1 OBJECTIVE
4.2 THE COMPANY
4.3 INFORMATION COMPLIANCE & POLICY RESPONSIBLE
4.4 DATA OWNER
4.5 SYSTEMS DEVELOPMENT
4.6 MANAGEMENT RESPONSIBILITIES
4.7 EMPLOYEES RESPONSIBILITIES
4.8 SYSTEM MANAGERS/IT TECHNICIANS
5. THE FLOW OF INFORMATION
5.1 OBJECTIVE
5.2 SHARING DATA WITH OTHER COMPANIES AND ORGANIZATIONS
5.3 SHARING DATA WITH NON‐PARTNER ORGANIZATIONS
5.4 TELEPHONE COMMUNICATIONS SECURITY
5.5 EMAIL
5.6 INTERNET
5.7 VERBAL COMMUNICATIONS
6. RISK MANAGEMENT
6.1 OBJECTIVE
6.2 BUSINESS CONTINUITY
6.3 PROTECTION FOR EMPLOYEES AND RECORDS
6.4 HIGH DATA QUALITY
6.5 RISK OF COMPUTER CRIME
6.6 RISKS OF MALWARE
7. AWARENESS
8. CONFIDENTIALITY AGREEMENTS
9. BUSINESS CONTINUITY
9.1 OBJECTIVE
9.2 NEED FOR EFFECTIVE PLANS
9.3 PLANNING PROCESS
9.4 PLANNING FRAMEWORK
10. EQUIPMENT AND SOFTWARE REGISTERS
10.1 OBJECTIVES
10.2 EQUIPMENT INVENTORY
10.3 SOFTWARE REGISTER
11. ACCESS CONTROL TO SECURE AREAS
11.1 OBJECTIVES
11.2 PHYSICAL SECURITY
11.3 ENTRY CONTROLS
12. SECURITY OF THIRD‐PARTY ACCESS
12.1 OBJECTIVES
12.2 ACCESS CONTROL
13. USER ACCESS CONTROL
13.1 OBJECTIVES
13.2 ACCESS TO SYSTEMS
13.3 ELIGIBILITY
13.4 REGISTERING USERS
13.5 USER PASSWORD MANAGEMENT
13.6 USER LEAVING [COMPANY] EMPLOYMENT
13.7 VISITORS AND CONTRACTORS
13.8 THE INTERNET
14. HOUSEKEEPING
14.1 OBJECTIVE
14.2 DATA BACKUP
14.3 EQUIPMENT, MEDIA AND DATA DISPOSAL
15. SOFTWARE AND INFORMATION PROTECTION
15.1 OBJECTIVE
15.2 LICENSED SOFTWARE
15.3 UNAUTHORIZED SOFTWARE
15.4 VIRUS CONTROL
15.5 TIME‐OUT PROCEDURES
16. EQUIPMENT SECURITY
16.1 OBJECTIVE
16.2 EQUIPMENT SITTING AND PROTECTION
16.3 POWER SUPPLIES
16.4 NETWORK SECURITY
16.5 PORTABLE & HAND‐HELD COMPUTING EQUIPMENT
16.6 SYSTEM DOCUMENTATION
17. INCIDENT MANAGEMENT
18. ELECTRONIC MAIL (EMAIL) POLICY
18.1 POLICY
18.2 CARE IN DRAFTING EMAILS
18.3 VIRUSES AND ATTACHMENTS
18.4 INFORMATION CONFIDENTIALITY
18.5 INTENT TO ENFORCE AND MONITOR
18.6 RETENTION AND PURGING
18.7 JUNK MAIL
18.8 VERY LARGE FILES
18.9 PROTECTION OF YOUR TERMINAL
18.10 MAIL STORMS
19. PERSONNEL, FINANCIAL, RESEARCH AND CORPORATE RECORD STORAGE & TRANSPORTATION
19.1 OBJECTIVE
19.2 STORAGE
19.3 TRANSPORTATION
19.4 RESPONSIBILITY
20. HOME WORKING INFORMATION SECURITY STANDARDS
20.1 OBJECTIVE
20.2 USE OF PERSON‐IDENTIFIABLE DATA AT HOME
20.3 USE OF PRIVATELY OWNED COMPUTERS AT HOME
20.4 TRANSPORTATION OF DATA OR CONFIDENTIAL DOCUMENTS
20.5 STORAGE OF EQUIPMENT
20.6 STORAGE OF CONFIDENTIAL DATA OR REPORTS
21. EXCEPTIONS
22. FINAL CONSIDERATIONS
22.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
22.2 DOCUMENT REVISION

Pages: 29

Review IT Security Policy – Template 2.

Related Products:

€1,699.00

Purchase

This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!

€79.00

Purchase

The Records Management Policy outlines the principles and minimum standards for Record creation, classification, retention and destruction within the Company and its subsidiaries, affiliates, branches and representative offices.

€49.00

Purchase

The main objective of the Data Backup Procedure is to describe the processes and controls implemented by the Company in order to ensure the availability of its systems and data.