Information security policy documents

From Wikipedia, the free encyclopedia

An information security policy document contains the written statements for how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy regulations such as HIPAA, GLBA and the Sarbanes-Oxley Act.

Contents 1 Elements of an information security policy document 2 Types of information security policy documents 3 See also 4 External links

[edit] Elements of an information security policy document

An ideal information security policy document should contain the following elements:

1. Title - Brief description of the document.
2. Number - A number or unique identifier for the policy document.
3. Author - The author of the document.
4. Publish Date - The date the policy has been officially approved.
5. Scope - Describes the organizational scope that this policy applies to.
6. Policy Text - The written policies.
7. Sanctions - Provides information on violations of the written policy.
8. Sponsor - The executive sponsor of the policy document.

[edit] Types of information security policy documents

• Mobile Computer Policy
• Firewall Policy
• Electronic Mail Policy
• Data Classification Policy
• Network Security Policy
• Internet Acceptable Use Policy
• Password Policy

[edit] See also

• Remote Access Policy

[edit] External links

• Information Security Policies Made Easy contains fifteen pre-written information security policy documents.
• The SANS Security Policy Project provides a free collection of policies and policy templates.