Policy Creation

profileJuhhy15
project_template_all_sections_3.docx

Policy Title :

Comprehensive Information Security Policy

Policy Number:

001

Revision:

1

Policy Type:

Information Systems

Scope:

Enterprise

Approved By:

Professor ____________

No. of Pages

6

Origination Date:

June 26, 2006

Revision Date:

N/A

Reviewed By:

N/A

1.0 Purpose

The purpose of this policy is to ….

2.0 Scope

This policy applies to all employees, clients, vendors….

3.0 Definitions

Employees –

Vendors –

Customers –

Mobile devices –

Network –

4.0 Internet Acceptable Use

4.1Employees may….

4.2 Employees may not…

4.3 Responsibilities

4.3.1 Supervisors are responsible for ensuring employees are made aware of this policy. Network Administrators are responsible for monitoring Internet usage by whatever means they determine appropriate and may include monitoring software.

5.0 Email Acceptable Use

5.1 Employees may…

5.3 Responsibilities

5.3.1 Supervisors are…

6.0 Network and Computer Hardware Acceptable Use

6.1 Employees may…

6.2 Employees may not…

6.3 Responsibilities

6.3.1 Supervisors are…

Mobile Device usage

7.0 Password Policy – Put password policy here

7.1 Responsibilities

7.1.1 Network administrators are responsible for…

8.0 Configuration Management – Describe the plan in general and refer to a separate plan. You don’t have to create a separate plan, just “act like” you have that plan in place.

8.1 Employees shall….

8.2. Employees shall not…

8.3 Responsibilities

8.3.1 Network administrators are responsible for…

9.0 Disaster Recovery - Describe the plan in general and refer to a separate plan. You don’t have to create a separate plan; just “act like” you have that plan in place. Be sure to mention business continuation in your description.

9.1 Responsibilities

9.1.1

10. Enforcement

10.1 Responsibilities

10.1.1 Supervisors are responsible for… Employees are responsible for reporting… Network administrators are responsible for… Management is responsible for…

10.2 Sanctions – Put penalties for noncompliance with policy. You should have levels…like first offense, second offense, etc.