What is Information Security?
Given the digital scope of business today, most firms are heavily invested in their Information Security programs and procedures. Ensuring that data, systems and infrastructures are safe and secure should be routine and a top priority, regardless of size or sector.
Information Security in its broadest sense is how a company protects itself against unauthorised access to its information, systems and infrastructure. It also includes the controls and measures used to aid in this prevention and the protocols followed should a security incident occur.
Cyber Essentials & ISO27001
Schemes such as the Government’s Cyber Essentials or BSI’s ISO27001 give organisations a structured framework to follow, providing general guidance on the controls and measures that should be in place. These schemes also enable certification and evidence of a compliant Information Security Program, which boosts reputation and customer confidence.
Information Security Policy
Information security cannot simply be documented in one policy. The scope and requirements of information security are such that a suite of policies is usually developed, from asset management and security incidents through to firewalls and malware protocols.
However, the overarching policy that ties all of the Info Sec program documents together is undoubtedly the Information Security Policy template. This policy should aim to provide a summary of the information security program and should point to the individual policies and procedures for each information security area.
It is essential to document your objectives when it comes to information security. What do you aim to achieve through the controls and measures put into place?
Below are some suggested objectives; however, they should always be written with the company in mind and include any specific security aspects relevant to both the business and industry.
- Information will be protected in line with all our data protection and security policies and the associated regulations and legislation.
- All information assets will be documented on an Information Asset Register (IAR).
- The Company will assign a nominated owner to each IAR asset who will be responsible for defining the appropriate uses of the asset and ensuring that appropriate security measures.
- All information will be classified according to an appropriate level of security.
- Information will be made available solely to those who have a legitimate need for access and who are authorised to do so.
- Information will be protected against unauthorised access via the use of firewalls, malware software, encryption methods and controls as set out in this policy.
Not all information is in a digital format. Information security also includes hard copy data that must be stored and disposed of safely and securely. Many firms use a shredding or confidential waste paper service which is offered by an external service provider. Your Information Security Policy should document how you dispose of confidential waste paper and what controls you have in place for due diligence with any third-party service provider.
Electronic information must be securely erased or otherwise rendered inaccessible prior to leaving the possession of an organisation, unless the disposal is undertaken under contract by an approved disposal contractor. In cases where a storage system (for example a computer disc) is required to be returned to a supplier, it should be securely erased before being returned unless contractual arrangements are in place with the supplier which guarantee the secure handling of the returned equipment.
Information Security Policy Template
There are often 10 or more policy templates that make up a compliant and robust Information Security Policy Program. Know Your Compliance Limited have nearly 20 years' experience of writing and developing regulatory policies and procedures. With over 5500 organisations already using our policy templates, you can be assured of professional, high quality content that allows you to hit the ground running.
Why spend time and resources writing extensive Information Security policies when we have done most of the hard work for you? Take a look at our Information Security Policy Toolkit and see why so many firms are using our templates already.