Information Security Policy

Developed a corporate information security policy, implemented it and rolled out the training and awareness programme

The corporate information security policy was structured around the ISO27001 and ISO27002 standards since these are considered best practicies for organizations wanting to initiate, implement and mainain an information management system.  

The policy was wiritten to conform to the standards where appropriate and to provide the organization with the guidance, rules and other necessary requirements to enable the secure and reliable operation of the organization's information systems infrastructure.  It incorporated mandatory minimum security baselines and the related standards, procedures and guidelines to be followed and executed by IT practicioners and the users.

The implementation process involved devloping all information security policy related presentation and training material as well as the advertising and promotional material, eg. banners, brochures and signs.  This material was used as part of the roll-out to the entire organization - attendance was compulsory to the training and awareness sessions and attendance records kept.  Implementation also involved monitoring compliance from the IT department perspective to ensure appropriate execution and adherence to the policy.

The policy is to reviewed and updated on a regular basis and refresher training and awareness sessions rolled out to the organization every 2-3 years.