Information Security Policies

What are they?

Information Security Policies provide a comprehensive baseline for identifying what must be done in your organisation to protect your business information assets. Good policies are simple, pragmatic, and should be clearly communicated to your employees from the top down. They can proactively define and promote a culture of awareness, action, and responsibility.

As a set of requirements, they can also be used to generate an audit plan or checklist to ensure compliance. Done properly, no other mechanism has the power to ensure that all employees are working towards the established business goals as a good set of policies and procedures. Comprehensive and detailed policies set the foundation for your information risk management program as they are required to meet virtually all applicable legislation and regulations.

Why should I do it?

How could you not? Baseline policies enable your management, staff and 3rd party suppliers to understand the minimum they must (and must not) do to ensure that your sensitive business information is protected.

Establishing Information Security Policies is also internationally recognised best practice and required for compliance to virtually all governance risk and compliance frameworks.

How often should I do this?

Once established, your policies should be re-evaluated after any major change to your systems. At a minimum, they should be reconfirmed and updated annually to keep them current with your business security objectives.

What will Risk Factory do?

• Provide template best practice Information Security Policies for your branding and implementation.
• Deliver an additional template of recommended “control-level” procedures required for actually implementing the policies.
• Conduct a workshop for management and key business stakeholders to ensure their understanding and finalisation of the policies for implementation.

Provide one year of telephone support from an information security policy specialist to answer any questions or issues you may have regarding the implementation of the policies.

What will I receive?

• A complete set of Information Security Policies and recommended procedures. To see a sample of the policy contents please contact our Risk Factory Foreman.
• A certificate of validation for evidence of compliance.
• A half-day workshop to ensure stakeholder understanding and “buy-in”.
• Ongoing advice and assistance with policy questions.

Is there anything I need to do in advance?

You’ll need to speak with our policy specialist so we can understand your current policy goals and objectives and schedule a workshop and then ensure that the appropriate business stakeholders are available to attend the workshop. If you have any questions, don’t hesitate to contact the Factory Foreman.