Policies set the tone at the top. For the BC government, the Information Security Policy is the overarching policy; however we suggest that organizations create high-level security policies targeted towards their operations.
Expert Opinion - Information Security Policy
Control Objective
Policy is documented, approved, followed, reviewed, and updated regularly
Policy should be standards-based in order to evolve over time
Include Appropriate Use so employees know what they may and may not do