

10-Information Security Policy Example

XXX places great emphasis on client confidentiality and has adopted an ISO 27001 Information Security Management System to protect confidential information. The organization commits to continually improving its information security, complying with legal obligations, and satisfying interested parties. XXX also commits to restricting access to sensitive data only to authorized individuals and partners and reviewing its information security policies and performance over time.

Reference Toolkit

10. Information Security Policy - Example


XXX places great emphasis on the need for the strictest confidentiality in respect of client data. This applies to manual and computer records and telephone conversations. The organisation will strive to improve its confidentiality processes in respect of client data.

XXX has adopted an ISO 27001 Information Security Management System (ISMS) as a tool to implement a formal system for protecting the confidentiality, integrity and availability of information.

XXX commits to continually improve its ISMS, to comply with applicable legal and other obligations to which it subscribes, and to satisfy applicable expectations from interested parties.

XXX commits to performing to high standards.

XXX will control or restrict access so that only authorized individuals and partners can view sensitive information. Access to client information is limited only to those individuals and partners who have a specific need to see or use that information.

Information will not be made available to outside parties without the written consent of the information owners.

XXX are committed to meeting all Information Security requirements from our customers and the provision of the necessary resources to achieve this.

XXX are committed to encouraging Information Security improvements by engaging with our employees.

XXX will continually review this policy and its information security performance to ensure it improves over time.

Objectives relating to information security performance will be set annually and reviewed quarterly by the Information Security Management Forum (ISMF).

This policy is available to all our customers and relevant interested parties, and our employees are made aware of our commitment and the contents of this policy.

The ISMF is responsible for reviewing this policy in line with the organization’s document management policy.

Signed

Managing Director
December 20XX

Information Security Policy – D2 – Issue 2

ISM02201ENGX v1.0(AD03) Jan 2022 ©The British Standards Institution 2022 1 of 1
