Information Security Policy
Information security comprises the safeguarding and protection of critical, commercially sensitive, confidential, personal or other sensitive data as well as information and communications technology (ICT) or systems for the processing of these data (creation, storage, modification, analysis, etc.).
The information security policy has been introduced not only to regulate this specific area but also to raise awareness of information security issues among users.
PURPOSE of the security policy:
- defining acceptable behaviour of employees and other stakeholders with regard to information security;
- publishing a broad consensus over security requirements and practice;
- establishing a legal basis for action in the event of inappropriate behaviour of employees and other stakeholders;
- defining security screening and measures;
- presenting indicators for validation of information security maturity and compliance with regulations to the management and other stakeholders, including auditors;
- defining conditions for the exchange of information and access to business applications.
TARGET AUDIENCE: users of information services (employees, students, outworkers) and outsourcers.
The entire policy encompasses the following four documents: