Internal IT Security Policy and Procedures
Introduction
The purpose of this document is to provide you with sample
policies and procedures, which may be included in formal
internal security documentation. Our sample is a combined
security policy and security procedures document. However,
there is an increasing tendency to have separate documents
for "Security Policy", "Security Procedures"
and "Security Standards". We should also emphasise
that this sample is designed to illustrate the type
of issues that need to be addressed rather than necessarily
an example of the best way for your company to address
them.
Each company should develop their own, more detailed
policies, procedures and standards documents, to support
their specific business situations and requirements,
using independent professional advice where appropriate.
Once your security policy document has been developed,
it should be provided to all of your company's computer
users and to anyone else accessing your company's computer
systems. You may wish to have all of them agree that they will
observe the policy. This can be done by having them
sign a piece of paper or click an "Accept"
button when they log in. A typical wording for the latter
is given in Appendix 3.
The document is laid out as follows:
- The main section deals with security policy issues
  that are relevant to all staff and to third parties
  accessing your IT network.
- The first appendix contains a summary of current
  legislation that relates to the use of IT systems.
- The second appendix outlines potential IT set-ups
  in place relating to security, which are usually
  primarily the concern of the IT Department.
- The third appendix contains notices that could be
  displayed on external mail leaving your company
  or on logon to the network, for example.