Information security policy

Information security policy documents

An information security policy document contains the written statements for how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy regulations such as HIPAA, GLBA and the Sarbanes-Oxley Act.

Elements of an information security policy document

An ideal information security policy document should contain the following elements:

  1. Title - Brief description of the document.
  2. Number - A number or unique identifier for the policy document.
  3. Author - The author of the document.
  4. Publish Date - The date the policy has been officially approved.
  5. Scope - Describes the organizational scope that this policy applies to.
  6. Policy Text - The written policies.
  7. Sanctions - Provides information on violations of the written policy.
  8. Sponsor - The executive sponsor of the policy document.

Types of information security policy documents

See also

External links

Search another word or see Information security policyon Dictionary | Thesaurus |Spanish
Copyright © 2014 Dictionary.com, LLC. All rights reserved.
  • Please Login or Sign Up to use the Recent Searches feature