Information security policy


  • Provided by TechRepublic Premium
  • Published March 19, 2020
  • Topic TechRepublic Premium
  • Format PDF
To protect your information assets, you need to define acceptable and unacceptable use of systems and identify responsibilities for employees, IT staff, and supervisors/managers. This policy offers a comprehensive outline for establishing rules and guidelines to secure your company data.

From the policy:

Employee responsibilities
An employee who uses the company workstations or systems to conduct business operations must:
  • Ensure that all equipment use is for business/professional reasons.
  • Access only information that is needed to perform their jobs or assist others in doing so as part of the valid scope of their duties.
  • Be responsible for the content of all data, including text, audio, and images they share internally or externally. All communications should have the employee’s name attached.
  • Be responsible for all actions/transactions performed with their accounts.
  • Use passwords and screen locks on company-owned systems or devices, or those that have been approved for access to company data.
  • Log out when leaving a workstation for an extended period.
  • Store all shared passwords (such as for departmental accounts) in a centralized and encrypted password database, such as Password Safe or KeePass. The main password for these databases must also be kept private and provided only to authorized individuals.
  • Change passwords per company policy (e.g., every 90 days).
  • Know and abide by all applicable company policies dealing with security and confidentiality of company records.
