The Company has adopted an Information Risk Management Policy (“Policy”) to describe rules and expectations for both itself and all its direct and indirect subsidiaries countrywide (together with the Company) concerning roles and responsibilities for identifying and reducing risks associated with the loss of confidentiality, integrity, or availability of Company’s Data (“Information Risk”).
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. MONITORING INFORMATION RISKS
3.2 MONITORING INFORMATION RISKS
3.3 COMPLETING INFORMATION RISK ASSESSMENTS
3.4 COMMUNICATION AND OVERSIGHT OF INFORMATION RISK
3.5 MONITORING INFORMATION RISKS
3.6 COMPLETING INFORMATION RISK ASSESSMENTS
3.7 COMMUNICATION AND OVERSIGHT OF INFORMATION RISK
4. CONTINUITY PLANS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.
The objective of the Configuration Management Procedure is to ensure the integrity and availability of Company information and to prevent damages from uncontrolled configuration changes to all IT and physical infrastructure services that support Company’s systems.