OpenUp - How To Guides - Internal IT Security Policy and Procedures

Key Messages
How-To Guides
Case Studies
Assessment Tools
Solutions Providers
Library

Advanced How To Guides

Internal IT Security Policy and Procedures

The purpose of this document is to provide you with sample policies and procedures, which may be included on formal internal security documentation. Our sample is a combined security policy and security procedures document. However, there is an increasing tendency to have separate documents for "Security Policy", "Security Procedures" and "Security Standards". We should also emphasise that this sample is designed to illustrate the type of issues that need to be addressed rather than necessarily an example of the best way for your company to address them.

Introduction

Sample Policy Document

1. NETWORK ACCESS

1.1 User Identification and Passwords
1.2 Access to "Company Name" Information
1.3 Data Protection Act
1.4 Personal use of computer systems

2. PC and NOTEBOOK SECURITY

2.1 General
2.2 Software
2.3 Confidentiality
2.4 Notebooks and Palmtops
2.5 Computer Viruses

3 Internet AND EMAIL

3.1 General
3.2 Email

4 UNSOLICITED COMMUNICATIONS

5 TELECOMMUNICATIONS

6 THIRD PARTY ACCESS

7 SOFTWARE LICENCES

8 DATA BACKUPS

Appendix 1 - Legislation

Appendix 2 - IT Dept/personnel SECURITY RESPONSIBILITIES

Appendix 3 - SECURITY NOTICES

For a printable PDF version of this guide please click here.
Note: you will need to have Adobe Acrobat reader to view these documents.
If you do not have the Adobe Acrobat reader you can download it free from here: