Module 2 - Security Policy Statement

Starr0804

Information Security Policy – Sample

A company’s Information Security Policy statement can be as simple as the following example:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Information Security Policy

<Company Name>

 1.0  Information Security Policy

 Purpose

 

<Company Name> views information assets as significant and valuable resources that are vital to the successful operation of the company. <Company Name> business depends on the availability of our information resources, on the accuracy of information provided to customers, and on the proper caution and security being exercised to protect personnel and customer data. The aim of <Company Name> Information Technology Internal Controls Policies and Procedures is to limit the risk to information resources and enhance the operation of those resources in a manner that best supports <Company Name> business goals. The purpose of this policy is to provide direction and guidance in the establishment of minimum Information Technology Security Procedures for use within <Company Name> administered companies.

  Scope

 All <Company Name> employees, suppliers, contractors, partners, and agents (hereafter referred to as <Company Name> internal and contract personnel) who use <Company Name> information resources are responsible for protecting those resources as described in these procedures. In addition, it is the responsibility of all <Company Name> internal and contract personnel to comply with federal, state, and local acts, statutes, and regulations that relate to the control and authorized use of <Company Name> information and resources.

 These procedures apply to information, resources, and media owned by or in the control of <Company Name>, whether on <Company Name> premises or at a third-party location.

 Compliance with these procedures by internal employees and contractors is mandatory.

  Objectives

 Confidentiality – To ensure the privacy of personnel and business information in the business applications and systems that support the successful operation of the business.

 Integrity – To ensure the correctness or integrity of the information that is contained in the business applications and systems that support the successful operation of the business.

Availability – To ensure the availability of business systems, applications and information through the use of internal controls that will govern the management and use of information resources.