Your organisation’s sensitive information, ICT systems and digital services are accessed by employees, contractors and external service providers, and must be protected from inappropriate use, modification, loss or disclosure.
An information security policy defines management’s expectations for protecting your information assets, and establishes the minimum requirements for their protection.
What you can expect
Assistance to reduce your risk by developing and implementing information security policy and guidelines to protect sensitive information, ICT systems and digital services
Consideration of your organisation’s situation, with policy and guidelines tailored to suit
Because we have experience developing policy and guidelines for diverse organisations in the commercial, government and defence sectors, we have a good idea of what others are likely to require.
We make sure your information security policy:
- provides clear direction to employees, contractors and external parties about their responsibilities for protecting your information assets
- gives you a framework to identify, assess and manage areas of policy non-compliance
- establishes an overarching structure to support security standards, processes and procedures to implement the policy
- describes security engineering principles for employees, contractors and service providers who design, configure and support your ICT and digital systems and infrastructure
- promotes and supports adherence to privacy legislation, regulations and industry standards.
A pragmatic policy, designed to be usable, enforceable and maintainable
To be effective, the policy and guidelines must apply to employees, contractors and external parties who have access to your organisation’s information, systems and infrastructure.
They must also apply to all company information in use, transit or storage in any physical or electronic form.
A well-written information security policy makes clear what the requirements are, and who and what they apply to.
Allowing for flexibility in implementation, we make sure requirements aren’t unnecessarily constraining and don’t impose excessive security lock-down on your business’s operations.
Your enterprise-ready information security policy will be based on ISO 27002 Information technology – Security techniques – Code of practice for information security controls, the latest worldwide standard for information security, and will include all ISO 27002 security control categories.
And, if necessary, we can assist you to address the information security requirements of the Australian Government Protective Security Policy Framework.
Get the clarity you need to develop and implement pragmatic information security policy and guidelines
Speak to one of our consultants to find out how Frame’s security solutions can make a difference to your business.