Tuesday, April 3, 2007

Data Security - Departmental Information Security Policy

For most companies, drafting a central policy for information security is enough.

However, some companies require individual business units or departments to come up with their own departmental policies.

In that case, it makes sense to produce one standard template for all departments to follow.

This post discusses what format that template should take and how it should look.

First of all, in my opinion the policy should be structured this way:

Index

1. Central Policy

2. Departmental IT Policy

3. IT Emergency Procedure for the Department



The following IT policies are valid for the department(s) __________.

The department heads are responsible for the planning, implementation and control of measures for data protection and information security in the department. All employees of the department should know the rules and are responsible within the scope of their duties for the proper and secure handling of confidential information.

Other categories include:

Permissible Hardware in the department.
Permissible Software in the department.
Departmental data classification, authorisation lists.
Office - Security.
Backup Strategy, Archiving Strategy
Emergency Procedures for the department

I have created sample departmental policies; if you are interested, do drop me an email at certboy@gmail.com. I just need a small donation from you for my effort, that's all.

Sunday, April 1, 2007

Data Security - Information Security Policies

Data Security – IS regulations

Although there should be company-wide IT security regulations, each business unit should also modify its version of the security regulations based on business needs.


I will send you a copy of the IT regulations if you send me an email at certboy@gmail.com to request one.


Data Security - Information Security Documents

After the organizational network is established, it is important to establish what documentation to keep in each business unit.

I would say that each business unit should keep documentation of the IT regulations pertaining to its department, followed by IT documentation such as hardware/software asset lists and authorization documents showing who can access which systems/folders in the department and with what kind of access.

Other important documents include emergency documentation, such as proxies for key appointment holders, spare systems for critical functions, and virus outbreak escalation procedures, which can also be drafted.

I will delve deeper into the individual documentation in my next posts.

In the meantime, please give your comments if needed.

