Information Security Policy

Policies set the tone at the top. For the BC government, the Information Security Policy is the overarching policy; however we suggest that organizations create high-level security policies targeted towards their operations.

Control Objective

  • Policy is documented, approved, followed, reviewed, and updated regularly
  • Policy should be standards-based in order to evolve over time
  • Include Appropriate Use so employees know what they may and may not do

Resources

Information Security Policy