Information Security Policy & Procedure Examples

Instructor: Temitayo Odugbesan

Temitayo has 11+ years of industrial experience in information technology and a master's degree in computer science.

Protecting information and data is one of the key requirements for ensuring an organization's business continuity. In this lesson, we will look at information security policies and procedures.

What Is an Information Security Policy?

An information security policy is a set of framework policy documents created to guide the enforcement of measures that protect an organization's information and data from unauthorized access, sharing, loss, or damage.

Sum Payment Group Ltd (SPG) is a payment service provider that processes payments on behalf of eCommerce websites. Transaction information, data capture, and storage are key components of its business, so protecting these assets is important to the survival of SPG's business.

With a staff strength of twenty, the probability of an accidental or intentional information leak is on the high side because of the number of potential access points to its information and data. To prevent such a leak, SPG hired Big Up Security to carry out an audit of its information and data infrastructure.

After the security audit, Big Up Security proposed that management use an information security framework to protect key areas and sections of the company. The framework would also guide the staff in the acceptable use of the company's information technology infrastructure.

For example, the information security framework captures the following:

  • Acceptable Encryption Policy - This addresses the strength of the encryption algorithms to use when protecting the company's information and data assets.
  • Acceptable Email Use Policy - This addresses the minimum requirements expected of staff using official email for communication within and outside the company.
  • Disaster Recovery Plan Policy - This addresses the readiness of the company to recover in time in the event of human or natural disasters.
  • Password Protection Policy - This addresses the minimum requirements expected of staff logging into the company's information portal or systems, how they compose their passwords, and how they protect them.
  • Remote Access Policy - This addresses the requirements staff must meet to access the company's information and data resources from outside the company's network.
  • Bring Your Own Device Policy - This addresses the requirements for staff who bring their own personal mobile devices to the office for use on the company's network.
  • Business Continuity Plan Policy - This addresses the various plans put in place by the company to ensure that the business does not die off when faced with disasters or loss of information or data.

These policies guide management on the requirements for their adoption and enforcement. Management, through the company's Information Technology Department, releases the procedures for enforcing them.

Procedures Examples

Procedures are the processes and actions taken to implement the requirements in the policy documents.

For example, Sum Payment Group didn't want to alienate its staff by restricting their access to the company's computer system for private activities. Big Up Security suggested a new policy called the Bring Your Own Device Policy. This policy outlined its purpose and the procedural steps to take when implementing below:
