Policy, Standards, Procedures & Guidelines
Creating and communicating clearly articulate information security policy, standards, procedures and guidelines are important for any organization. These documents provide expectations of the organization staff when using technology.
Magnir is well-versed in writing policy, standards, procedures and guidelines that are based on the needs of the organization.
Sample Policies to Consider are:
Information Security Management
Acceptable Computer Use Policy
Social Media Policy
A policy must clearly articulate the direction of management that can be understood and followed by company staff.
Standards are rules and specifications that define requirements for policies that are in place. An example standard is the password standard which provides such details as:
- Allowable password characters (i.e., upper case, lower case, numeric, etc)
- Password length (i.e., must be at least 6 characters)
- Password history (i.e., cannot re-use the last 4 passwords)
- Password duration (i.e., 90 days)
Procedures are among the most important part of establishing an information security program. Procedures outline steps needed to accomplish specific tasks and often provided in documents and workflow diagrams.