Policies & Standards

Information Security Policies are required to describe management intent for an organisation’s Information Security. In general, where organisations do not have Information Security Policies, security is implemented on an ad hoc basis with little to no structure, resulting in unstructured security architecture and unknown vulnerabilities.

Security Standards provide further detail of “how” the Information Security Policy will be implemented. They define in more detail the processes needed to measure compliance with the Information Security Policy, and often refer to more detailed operational procedures.

The development of these documents will help to define practices and processes within your organisation, which can provide cost and efficiency benefits as well as the benefits directly associated with security. These benefits are based on the standardisation of security practices across your organisation.

In developing your Information Security Policy, we endeavour to utilise the following information:
- Your corporate IT policy
- Your IT Security Objectives and Strategies
- Security-Related Legislation and Regulations related to your organisation
- Your corporate IT Environment
- Existing practices and culture of your organisation