Data Security – Departmental Information Security Policy
Although for most companies drafting a central policy for Information Security really is enough.
However, there are some companies which require individual business units or departments to come out with their own departmental policies.
If such a case exists, it makes sense therefore to come out with one standard template for all departments to follow.
What should then be the format & how should it look like is something that is going to be discussed in this post.
First of all, the structure of the policy should go this way in my opinion:
1. Central Policy
2. Departmental IT Policy
3. IT Emergency Procedure for the Department
The following IT Policy are valid for the department(s)__________.
The department heads are responsible for the planning, implementation and control of measures for data protection and information security in the department. All employees of the department should know the rules and are responsible within the scope of their duties for the proper and secure handling of confidential information.
Other categories include:
Permissible Hardware in the department.
Permissible Software in the department.
Departmental data classification, authorisation lists.
Office - Security.
Backup Strategy, Archiving Strategy
Emergency Procedures for the department
I have created a sample departmental policies if you are interested do drop me a email at firstname.lastname@example.org. I just need a small donation from you for my effort that’s all.
Related Tags: Data security, , Security Policy, Information security, Network Security