Information Security Policy
Policies set the tone at the top. For the BC government, the Information Security Policy is the overarching policy; however we suggest that organizations create high-level security policies targeted towards their operations.
Control Objective
- Policy is documented, approved, followed, reviewed, and updated regularly
- Policy should be standards-based in order to evolve over time
- Include Appropriate Use so employees know what they may and may not do