Security policy and guidelines

Protecting information assets with a strong security policy

Your organisation’s sensitive information, ICT systems and digital services are accessed by employees, contractors and external service providers, and must be protected from inappropriate use, modification, loss or disclosure.

An information security policy defines management’s expectations for protecting your information assets, and establishes the minimum requirements for their protection.

Our approach

What you can expect

Assistance to reduce your risk by developing and implementing information security policy and guidelines to protect sensitive information, ICT systems and digital services

Consideration of your organisation’s situation, with policy and guidelines tailored to suit

Because we have experience developing policy and guidelines for diverse organisations in the commercial, government and defence sectors, we have a good idea of what others are likely to require.

We make sure your information security policy:

  • provides clear direction to employees, contractors and external parties about their responsibilities for protecting the information assets
  • gives you a framework to identify, assess and manage areas of policy non-compliance
  • establishes an overarching structure to support security standards, processes and procedures to implement the policy
  • describes security engineering principles for employees, contractors and service providers who design, configure and support your ICT and digital systems and infrastructure
  • promotes and supports adherence to privacy legislation, regulations and industry standards.

A pragmatic policy, designed to be usable, enforceable and maintainable

To be effective, the policy and guidelines must apply to employees, contractors and external parties who have access to your organisation’s information, systems and infrastructure.

It must also apply to all company information in use, transit or storage in any physical or electronic form.

A well-written information security policy makes clear what the requirements are, and who and what they apply to.

Allowing for flexibility in implementation, we make sure requirements aren’t unnecessarily constraining and don’t impose excessive security lock-down on your business’s operations.

Your enterprise-ready information security policy will be based on ISO 27002 Information technology – Security techniques – Code of practice for information security controls, the latest worldwide standard for information security, and will include all ISO 27002 security control categories.

And, if necessary, we can assist you to address the information security requirements of the Australian Government Protective Security Policy Framework.