Information is a valuable asset to the Company. All Company employees, contractors and third-parties are expected to protect Company information. To accomplish this, the Company has established safeguards to protect its information from unauthorized modification, destruction and disclosure. Information Security Policy provide a foundation for the successful operation of all such safeguards.
The objectives of information security policies are to:
• Set forth policies to protect the confidentiality of sensitive information and safeguard it against unauthorized access and disclosure, whether intentional or accidental
• Promote the integrity of information assets by setting forth policies to protect such assets from unauthorized accidental or intentional damage, modification, and destruction
• Assure the availability of information by establishing policies to assure continued access to information regardless of unplanned business interruptions
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. MINIMUM ROLES AND RESPONSIBILITIES
3.1 COMPANY MANAGEMENT
3.2 INFORMATION SECURITY OFFICER
3.3 COMPUTER USERS
3.4 INFORMATION OWNERS
3.5 SYSTEM AND NETWORK ADMINISTRATORS
4. VIOLATIONS AND NON-COMPLIANCE
5. PROTECTED INFORMATION
6. INFORMATION CLASSIFICATION
7. ACCESS TO INFORMATION ASSETS
8. DATA TRANSMISSION USING NETWORKS
9. REMOTE ACCESS
10. VENDOR REQUIREMENTS
11. SECURITY INCIDENT MANAGEMENT PROGRAM
12. PASSWORD & AUTHENTICATION SYSTEM POLICY
12.1 AUTHENTICATION SYSTEMS FOR COMPANY EMPLOYEES
12.2 SERVICE, SHARED, AND “ACTAS” (“SUDO”) ACCOUNTS
12.3 PASSWORD RULES FOR INTERNAL SYSTEMS
12.4 CLIENT LOG-IN AUTHENTICATION
12.5 PASSWORD RULES FOR CLIENT PRODUCTS
13. EXCEPTIONS
14. FINAL CONSIDERATIONS
14.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
14.2 DOCUMENT REVISION
Pages: 15
This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!
The objective of the Internet Access and Usage Policy is to define standards for systems that monitor and limit web use from any host within Company’s network.
The Privacy and Data Protection Policy sets forth minimum standards for the collection, access, use, disclosure, disposal, safeguarding and other handling of certain nonpublic identifiable information on current, former, and prospective employees, clients and other third parties that the Company keeps or uses for business purposes. Such information is referred to as “Protected Information”.
Review Information Security Policy – Template 2.
You must be logged in to post a review.