A security policy is a document of strategic importance which lets you effectively manage the security of corporate information.
Service description:
Ensuring data security is currently an indispensable aspect of every company's operations – it is not only the norm and a need, but a legal requirement as well. These requirements and the need to protect confidential corporate information necessitate the implementation of a range of organisational and technical measures. A security policy is a document of strategic importance which lets you effectively and comprehensively manage the security of corporate information. It specifies goals, strategies and actions which determine how your IT resources are managed, protected and made available within your institution and its IT systems.
Service scope:
Developing a security policy document involves analysing the client's operations, the IT technologies the company uses and its information flow, followed by the creation of a document that specifies a set of goals, norms and standards and a data protection strategy. The process may also be expanded to include executive documentation and procedures which ensure that the level of data security specified in the policy is maintained.
A security policy typically includes:
- a set of IT system security goals
- a description of the organisational structure and specification of who is responsible for particular security aspects
- risk assessment
- risk management strategy descriptions
- IT system security requirements, in particular:
- defining and implementing procedures and rules of conduct ensuring IT system security
- descriptions of selected security measures
- IT system security accreditation methods
- operational continuity plans
- definitions of data confidentiality levels
- the IT system areas to be protected
Benefits:
Implementing an Information Security Policy offers the following benefits for your organisation:
- A uniform and more organised approach to information security
- Clear division of labour and responsibilities with regard to information security
- Increased IT system and data security