Dear Tracy,

Though the draft of information security policy is not something that is available freely on the internet, let me give you a few pointers on the same:
- Access to information is strictly role based
- Access is on a need-to-know basis.
- Partner and Customer specific information is shared and maintained within a well-defined control group.
- Information of Partners and Customers is agreed during the initiation of the engagement and appropriate confidentiality agreements are signed.
- In addition, the senior management of the organisation is governed by a legal & ethical framework, which ensures that they will not be in a position to misuse/abuse the information that they absorb as part of their roles.
- All facilities have security personnel who monitor asset movement and ensure that proper documentation.
- Development areas are restricted by access control systems, which allow only authorised staff movement in each area.
- In terms of information security, the networks are protected through firewalls and detection systems.
- Network access for staff is role based.
- Access to Product literature and software is regulated based on the role and needs of the staff.
- All other software and product information is available only on specific approvals.

Members to pour in their views on this topic?

Regards,
CHRM