Quickstart to Information Security Policies for Startups


KirkpatrickPrice

Innovation. Integrity. Delivered.

Importance of Information Security Policies

Robust documentation of information security standards, policies, and procedures is one of the hallmarks of an effective information security program – and it doesn’t have to be a daunting task to create them. With the right partner, you can create and implement robust information security policies and procedures for your organization and help ensure the security and success of your business.

Depending on the industry your organization is in and the legal requirements and/or frameworks that you must comply with, there will be various topics that your information security policies should cover. Considering this, we’ve come up with a checklist of 15 recommended topics that information security policies should include.

Please note that this checklist serves as a baseline overview of what policies should be included by a new information security program, and if your organization has to meet other compliance standards, such as SOC 2 or HIPAA, there will be additional requirements or topics that need to be included.

Information Security Policies Checklist

A recommended set of information security documentation should include the following topics:

• Information Security Policy
• Risk Assessment Standards and Procedures
• Acceptable Use Policy
• Remote Access Policy, Standards, and Procedures
• Secure Systems Management Policies, Standards, and Procedures
• Monitoring and Logging Policies, Standards, and Procedures
• Encryption Standards and Key Management Procedures
• Change Management Standards and Procedures
• Data Classification Policies, Standards, and Procedures
• Incident Response Procedures
• User Identification, Authentication and Authorization Policies, Standards, and Procedures
• Data Backup Procedures and Standards
• Perimeter Defense Standards and Procedures
• Data Retention and Disposal Policies, Standards, and Procedures
• Personnel Security Policies, Standards, and Procedures

Getting Started on Your Information Security Policies

Need assistance developing your information security management program? At KirkpatrickPrice, we know that doing this is no small feat. Let us help you along the way. Contact us today to learn more about our policy development services or to speak to one of our Information Security Specialists.

