This document defines the information security policy of [Organization Name].
As a modern, forward-looking business, [Organization Name] recognises at senior levels the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders and other stakeholders.
In order to provide such a level of continuous operation, [Organization Name] has implemented a set of information security controls to address its perceived risks.
Information security has many benefits for the business, including:
- Protection of revenue streams and company profitability
- Ensuring the supply of goods and services to customers
- Maintenance and enhancement of shareholder value
- Compliance with legal and regulatory requirements
This policy applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees, suppliers and other third parties who have access to [Organization Name] systems.
The following supporting documents are relevant to this information security policy and provide additional information about how it is applied:
- Cloud Computing Policy
- Mobile Device Policy
- Access Control Policy
- Cryptographic Policy
- Physical Security Policy
- Anti-Malware Policy
- Network Security Policy
- Electronic Messaging Policy
- Data Protection Policy