Information Security Policy
It is very important that a formal policy is defined, is approved by management and communicated to all employees and relevant third parties. The objective of the policy is to provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
Wellington offers policy creation assistance or may define a suite of customised policies on behalf of the customer. Most organisations will use a set of policies instead of a single document. The range of policies may include but is not limited to:
- Information security policy
- Data protection policy
- Information classification, labelling and handling policy
- HR policy
- Training policy
- Physical security policy
- Communications and operations policy
- Backup policy
- Electronic communications policy
- Network security policy
- Access control policy
- Business continuity plan