Download Now

Start free trial

Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.

Information security policy

Originally Published:
Mar 2018

To protect your information assets, you need to define acceptable and unacceptable use of systems and identify responsibilities for employees, IT staff, and supervisors/managers. This policy offers a comprehensive outline for establishing rules and guidelines to secure your company data.

From the policy:

Employee responsibilities
An employee who uses the company workstations or systems to conduct business operations must:

  • Ensure that all equipment use is for business/professional reasons.
  • Access only information that is needed to perform their jobs or assist others in doing so as part of the valid scope of their duties.
  • Be responsible for the content of all data, including text, audio, and images they share internally or externally. All communications should have the employee’s name attached.
  • Be responsible for all actions/transactions performed with their accounts.
  • Use passwords and screen locks on company-owned systems or devices, or those that have been approved for access to company data.
  • Log out when leaving a workstation for an extended period.
  • Store all shared passwords (such as for departmental accounts) in a centralized and encrypted password database, such as Password Safe or KeePass. The main password for these databases must also be kept private and provided only to authorized individuals.
  • Change passwords per company policy (e.g., every 90 days).
  • Know and abide by all applicable company policies dealing with security and confidentiality of company records.

Get This Download With Our Free Trial

People who downloaded this also downloaded