Security Policy Document Project

Security Policy Document Project

Information is an asset which, like any other valuable asset, it is essential to the business of an organization and consequently needs to be suitably protected (Siponen & Vance, 2010; Bulgurcu, Cavusoglu & Benbasat, 2010). The information may exist in various forms. It can be printed or written on paper, stored electronically, transmitted by post or by electronic means, shown on films, or spoken in conversation. Whatever form of presentation or the means by which information is shared or stored, it is recommended that it always be adequately protected (Doherty, Anastasakis & Fulford, 2009; Herath & Rao, 2009).

Objective

The policies below reflect institutional values ??of GDI and reaffirm their commitment to the continuous improvement of this process:

The information is collected in an ethical and legal framework, with the knowledge of the customer, for specific purposes and properly informed;

Information is received by the GDI, handled and stored safely and intact, with methods of encryption or digital certification, if applicable;

The information is accessed only by authorized personnel trained to use them properly;

The information may be provided to contractors for services, such organizations being required to comply with our policy and security policy and data privacy;

The information is only provided to third parties with prior permission of the client or to meet legal or regulatory requirement;

The information and data contained in our records and other requests that will ensure legal or contractual rights are only provided to the interested parties themselves, by formal request, following the legal requirements.

Policies

This policy gives each employee the science of the environments, systems, computers and company networks may be monitored and recorded, with prior information as provided for in law (Da Veiga & Eloff, 2010; Siponen, Pahnila & Mahmood, 2010). It is also the obligation of each employee to keep yourself updated about this Security Policy Document and procedures and related standards, seeking guidance from your manager or Management Systems whenever you are not absolutely sure about the purchase, use and / or disposal of information (Herath & Rao, 2009; Siponen & Vance, 2010).

Information produced or received by employees as a result of the activity professional hired by the organization belongs to the institution (Bulgurcu, Cavusoglu & Benbasat, 2010; Doherty, Anastasakis & Fulford, 2009). Exceptions must be explicit and formalized in a contract between the parties. Computer equipment and communication, and information systems are used by employees for the performance of professional activities (Herath & Rao, 2009; Da Veiga & Eloff, 2010). Personal use of resources is allowed provided they do not impair the performance of systems and services.

For uniformity of information, the Security Policy Document should be communicated to all employees so that the policy is complied with within and outside the company (Siponen, Pahnila & Mahmood, 2010; Herath & Rao, 2009). There should be a multidisciplinary committee responsible for the management of information security, hereinafter referred to as the Information Security Committee. The responsibility for the security of information must be reported in phase hiring of ...