An Information Security Policy is a requirement of any formalised Information Security Management System (ISMS). The policy needs to be established by Senior Management and approved by them prior to being issued.
It is important that the Information Security Policy is appropriate to the purpose of the organisation. In addition, it needs to include information security objectives or provide the framework for setting them.
Other commitments required within the policy include a commitment to satisfy applicable requirements related to information security and a commitment to continual improvement of the ISMS.
The Information Security Policy is typically about one A4 page long and good practice includes having the policy signed and dated by a representative from management.
Another requirement, from an ISMS perspective, is that it needs to be available in a documented format and be communicated to all relevant stakeholders.
Including the Information Security Policy on an organisation's website demonstrates its commitment to information security and can be beneficial for getting potential new clients, particularly in the current climate, where there is an increased focus on protecting information and complying with GDPR.
Other ways of communicating the policy, particularly to employees of an organisation, include communication internally through employee inductions, internal briefings and notice boards.
If an organisation has implemented an Information Security Management System (ISMS) that needs to be certified to ISO 27001, then it is required to have a documented Information Security Policy.
This policy can be purchased individually or as part of a package. If you are implementing a management system based on one or more of the main ISO standards, then our management system packages might be more cost-effective.
Our standard management system packages cover a combination of ISO 9001, ISO 14001, ISO 27001 and ISO 45001. However, additional standards can easily be included if needed.