In today’s challenging environment, information must be protected because of its critical value in terms of maintaining the private technical and commercial secrets, our customers’ trust and the corporate image of the company. Information protection plays a decisive role in all our future developments.
This Information Security Policy identifies the guiding principles that all Company employees must adhere to in order to ensure the confidentiality, integrity, and availability of Company’s information assets. It is linked to more detailed policies and standards. These principles can be used to establish, implement, operate, monitor, review, maintain and improve an Information Security Management System (ISMS).
An ISMS ensures adequate and proportionate security controls that protect information assets and give confidence to our customers. This is often mandatory in order to maintain and improve competitive edge, cash flow, profitability, legal compliance and commercial image in the context of the vital need to open our Information Systems.
This policy also defines how any type of documents or database records containing business information should be securely produced, communicated, accessed and destroyed (as applicable) regardless of the support or transport medium.
Business information (defined as knowledge, facts, data or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative or audiovisual forms) is a company asset that must be protected by every employee. Information security is everybody’s responsibility, technical means alone cannot guarantee the required security if not underpinned by procedures and employees.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. STRUCTURE OF THIS DOCUMENT
3.2 MAIN SECURITY CATEGORIES
4. RISK ASSESSMENT AND TREATMENT
4.1 ASSESSING SECURITY RISKS
4.2 TREATING SECURITY RISKS
5. INFORMATION SECURITY POLICY
6. ORGANIZING INFORMATION SECURITY
6.1 INTERNAL ORGANIZATION
6.2 EXTERNAL PARTIES
7. ASSET MANAGEMENT
7.1 RESPONSIBILITY FOR ASSETS
7.2 INFORMATION CLASSIFICATION
8. HUMAN RESOURCES SECURITY
8.1 PRIOR TO EMPLOYMENT
8.2 DURING EMPLOYMENT
8.3 TERMINATION OR CHANGE OF EMPLOYMENT
9. PHYSICAL AND ENVIRONMENTAL SECURITY
9.1 SECURE AREAS
9.2 EQUIPMENT SECURITY
10. COMMUNICATIONS AND OPERATIONS MANAGEMENT
10.1 OPERATIONAL PROCEDURES AND RESPONSIBILITIES
10.2 THIRD PARTY SERVICE DELIVERY MANAGEMENT
10.3 SYSTEM PLANNING AND ACCEPTANCE
10.4 PROTECTION AGAINST MALICIOUS AND MOBILE CODE
10.6 NETWORK SECURITY MANAGEMENT
10.7 MEDIA HANDLING
10.8 EXCHANGE OF INFORMATION
10.9 ELECTRONIC COMMERCE SERVICES
11. ACCESS CONTROL
11.1 BUSINESS REQUIREMENTS FOR ACCESS CONTROL
11.2 USER ACCESS MANAGEMENT
11.3 USER RESPONSIBILITIES
11.4 NETWORK ACCESS CONTROL
11.5 OPERATING SYSTEM ACCESS CONTROL
11.6 APPLICATION AND INFORMATION ACCESS CONTROL
11.7 MOBILE COMPUTING AND TELEWORKING
12. INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
12.1 SECURITY REQUIREMENTS OF INFORMATION SYSTEMS
12.2 CORRECT PROCESSING IN APPLICATIONS
12.3 CRYPTOGRAPHIC CONTROLS
12.4 SECURITY OF SYSTEM FILES
12.5 SECURITY IN DEVELOPMENT AND SUPPORT PROCESSES
12.6 TECHNICAL VULNERABILITY MANAGEMENT
13. INFORMATION SECURITY INCIDENT MANAGEMENT
13.1 REPORTING INFORMATION SECURITY EVENTS AND WEAKNESSES
13.2 MANAGEMENT OF INFORMATION SECURITY INCIDENTS AND IMPROVEMENTS
14. BUSINESS CONTINUITY MANAGEMENT
15.1 COMPLIANCE WITH LEGAL REQUIREMENTS
15.2 COMPLIANCE WITH SECURITY POLICIES AND STANDARDS AND TECHNICAL COMPLIANCE
15.3 INFORMATION SYSTEMS AUDIT CONSIDERATIONS
16. DOCUMENT SECURITY
16.2 HOW TO HANDLE CLASSIFICATION
16.3 INFORMATION SENSITIVITY LEVELS
16.4 SECURITY CLASSIFICATION LEVELS
16.5 MARKING OF DOCUMENTS
16.6 SECURITY OF DOCUMENTS
16.7 DISTRIBUTION OF DOCUMENTS
16.8 SHARING OF COMMERCIALLY SENSITIVE INFORMATION
16.12 OTHER ELECTRONIC COMMUNICATION FACILITIES
16.13 USERNAME & PASSWORDS
16.14 SECURE DISPOSAL OF CLASSIFIED DOCUMENTS
16.15 SECURE DISPOSAL OF OLD / REDUNDANT EQUIPMENT AND BACKUP MEDIA
16.16 DOCUMENT REPRODUCTION
18. FINAL CONSIDERATIONS
18.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
18.2 DOCUMENT REVISION
This bundle contains all the products listed in the Data Governance section. Take advantage of the 25% OFF when buying the bundle!
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.
The objective of the Secure Operation and Compliance Standard is to ensure that the Company adheres to the highest standards of information security. It is committed to upholding client confidentiality and protecting client information.
Review Information Security Policy – Template 3.
You must be logged in to post a review.