Information Security Program

Last updated on May 25, 2020

For every security assessment conducted within an organization, there should be a list of action items to close any identified gaps. These action items should be transferred into a strategy for execution. Also within the organization, there should be an awareness plan which outlines all the activities for a year that will keep security in the forefront of the minds of all staff. The Information Security Program is a combination of the Security Strategy and Security Awareness Plan, in line with the mission and vision of the organization.

Expert Opinion - Security Policy, Security Program

Control Objective

Policy is documented, approved, followed, reviewed, and updated regularly
Policy should be standards-based in order to evolve over time
Include Appropriate Use so employees know what they may and may not do

Resources

Information Security Program Template

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Information Security Program

Expert Opinion - Security Policy, Security Program

Control Objective

Resources