This commonly occurs when someone within a company writes their own policy terminology, posts it on a Web page...
or at the bottom of their email signature and doesn't communicate with the organization's legal council on the matter. A company should also have a privacy statement on its site that is validated by their lawyers to ensure that a misstatement is not used because it could be detrimental to the company down the road.
NIST has developed the following standard pertaining privacy policies:
Privacy portal policy examples:
You may be referring to another type of policy that outlines what can be posted on a portal, who is allowed to submit items to it, how the submissions should be supplied and approved, and what types of items management will not allow on the portal, etc.
I am not familiar with any specific standard on this type of policy. It would just be an issue-specific policy with the focus of what can and cannot be done to the company portal, who can do it and what the ramifications for non-compliance are. I have listed some issue-specific policy resources below.
If you are looking for a good example on a portal policy, please review the following site: http://security.sdsc.edu/policy/PortalPolicy.html. This may encompass what you are trying to accomplish with this type of policy.
Issue-specific policy resources:
For More Information:
Related Q&A from Shon Harris, Contributor
When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should ...continue reading
In today's security world, it's hard to keep track of each and every management standard and auditing procedure. In this SearchSecurity.com Q&A, ...continue reading
Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.