Publishing an Information Security Compliance Policy

Instructor: Beth Hendricks

Beth holds a master's degree in integrated marketing communications, and has worked in journalism and marketing throughout her career.

Publishing an information security compliance policy is important not only for awareness, but to make sure your company is in line with required laws and regulations. Learn more about why this is critical and the best way to go about it.

Finding the Policy

Sarah has a problem. She just got her hair cut, and even invested in an expensive hair tool to maintain her new 'do. But after a few days of struggling, Sarah discovered she's just not that nimble at hair styling. Where's that receipt? Can she take this thing back? She hunts down the receipt, flips it over, and reads through the store's return policy on the back. Hmm...

Have you ever purchased something, got it home, and either changed your mind or discovered it didn't fit or match? (Raises hand... yes, I'm guilty too!) Sarah's recent failed purchase is pretty familiar; so, too, is her desire to return it. But, have you ever scoped out the return policies of your favorite stores? Each one is a little different, specifying how much time you have, what condition the item should be in, and whether you can get cash back or in-store credit.

Stores publish these policies to inform their customers of what is expected of them in the process of returning an item and what the store itself is willing to do. Without publishing these, customers would have no idea what's required or covered.

Why Return Policies are Like Security Policies

Publishing security policies internally in an organization is done for similar reasons: to educate, inform and ensure overall compliance with applicable laws and regulations. Let's explore the process and importance of publishing these types of policies.

Importance of Publishing Your Policy

To make certain everyone in your company follows your information security compliance policy, they have to first know it exists, right? And, beyond simply knowing it exists, your goal should be for everyone in your organization to have a thorough understanding of what your security compliance mandates entail. Publishing your policy internally will take care of both.

The policy itself details your security goals and objectives, roles and responsibilities of everyone inside the organization regarding security compliance, and how compliance is associated with your company's overall information security program.

Also detailed in the policy are the requirements employees must follow to ensure the company is compliant with laws and regulations impacting their industry. For example, members of the payment card industry are required to "install and maintain a firewall configuration to protect cardholder data," according to the Payment Card Industry Data Security Standard.

Simply publishing an information security compliance policy can serve as an effective tool in navigating compliance. These types of policies allow organizations to continually evaluate the effectiveness of their security controls and stay in compliance with applicable laws and regulatory requirements. A written compliance policy can help ensure that an organization subject to various laws and regulations is complying with them as it should.

Think of it like a roadmap for ensuring you stay on the right compliance path.

Process of Publishing Your Policy

Once a policy has been developed, drafted, and approved by the company's management, it's important to publish the document in a place (or in a way) that makes it accessible to all employees. If you work in an environment where everyone has access to computers, electronic distribution may be best. If, however, you work in an environment where some have computer access and some don't, you may decide to publish it on the company intranet and also post printed copies on bulletin boards.
