Data Security


Data Security Videos


Tuesday, April 3, 2007

Data Security - Departmental Information Security Policy

Data Security – Departmental Information Security Policy

Although for most companies drafting a central policy for Information Security really is enough.

However, there are some companies which require individual business units or departments to come out with their own departmental policies.

If such a case exists, it makes sense therefore to come out with one standard template for all departments to follow.

What should then be the format & how should it look like is something that is going to be discussed in this post.

First of all, the structure of the policy should go this way in my opinion:


1. Central Policy

2. Departmental IT Policy

3. IT Emergency Procedure for the Department

The following IT Policy are valid for the department(s)__________.

The department heads are responsible for the planning, implementation and control of measures for data protection and information security in the department. All employees of the department should know the rules and are responsible within the scope of their duties for the proper and secure handling of confidential information.

Other categories include:

Permissible Hardware in the department.
Permissible Software in the department.
Departmental data classification, authorisation lists.
Office - Security.
Backup Strategy, Archiving Strategy
Emergency Procedures for the department

I have created a sample departmental policies if you are interested do drop me a email at I just need a small donation from you for my effort that’s all.

Related Tags: , , , ,

No comments: