The objective of this Information Security Policy is to ensure that there is an appropriate focus by staff and management on the level of information security throughout Company supporting:
a. The adequate protection of security classified information assets
b. Effective governance of information security controls
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. INFORMATION SECURITY
4. RESPONSIBILITIES FOR INFORMATION SECURITY
4.1 LINE MANAGEMENT
4.2 COMPANY PERSONNEL
4.3 RISK MANAGEMENT COMMITTEE
4.4 IT SECURITY AND BCM COMMITTEE (ISBC)
4.5 TECHNOLOGY RISK MANAGEMENT DEPARTMENT
4.6 INFORMATION TECHNOLOGY
4.7 INFORMATION SECURITY OFFICERS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The Records Control Procedure establishes the rules to be followed in order to maintain control of the identification, storage, protection, retrieval, retention time and disposition of records inside the Company.
The purpose of the Protection Against Malicious Software Policy is to capture the requirements of the Company regarding controls preventing, detecting, suppressing and countering malicious software.
The Confidential Information – Breaches and Escalation Policy sets out the escalation procedures to follow in the event of a breach of confidential information within Company and requirements regarding the protection of confidential information with third party service providers.