https://www.itgovernance.eu/blog/en/how-to-document-your-information-security-policy
Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches.

To make sure you get off on the right track, we’ve taken some advice from Alan Calder and Steve Watkins’ IT Governance – An International Guide to Data Security and ISO27001/ISO27002 and Calder’s Nine Steps to Success: An ISO27001 Implementation Overview. As renowned experts in ISO 27001, the international standard for information security, their guidance is invaluable for any organisation that’s serious about security.

Information security policy basics

An information security policy is a set of documents explaining what an organisation expects its employees to do in order to prevent security incidents. It doesn’t need to be lengthy, but it must capture senior staff’s ideals and objectives for the organisation.