What is the IS Policy about
- The Information Security (IS) Policy document establishes the rules, laws and practices of how an organisation will manage, protect and distribute its sensitive information (internally & externally), and defines the framework for the overall information security of the organisation.
The need and applicability of IS Policy
- Almost all public or private organisations nowadays are rely on the information systems to carry out their operations. The IS policy is the foundation of Information Security effectiveness aiming to protect the organisation information and prevent any exploitation of any information that is stored, processed and transmitted by Company assets-systems-applications including personnel either internal or external.
- The policy applies to anyone that has direct or indirect relationship with the organization information in any format.
Resulco IS Policy Development service is aimed to assist any organisation to build and implement a successful policy based on their requirements by developing the necessary policies for the proper control and governance of information security. Therefore, the policy should be accurate, comprehensive, usable, proactive and enforceable in order to be effective for the organisation.
The main topics of a comprehensive IS Policy includes but not limited to:
- Access control
- Change management
- Acceptable use
- Security awareness
- Data classification and control
- Remote access
- Risk analysis and assessment
- Backup and restore
- Patch management
- Personnel security and training
- Password and user ID management Instant
- Encryption and digital signatures
- Mobile Device
- Third Party Access
- Asset management
- Data handling, labelling, and retention