Tip

Tier-1 policy overview: Corporate communications, work place security

As we continue our look at Tier-1 policies, this third tip in a series examines three Tier-1 policies that are vitally important to the success of a corporate-wide Information Security

    Requires Free Membership to View

program. The ability to protect information in all forms of correspondence, to protect employees in the workplace, and to be able to recover in the event of an emergency are all key elements in a successful Information Security program.

Corporate Communications – Instead of individual, top-specific policies on such items as voice-mail, e-mail, interoffice memos and outside correspondence, a single policy on what is and is not allowed in organization correspondence can be implemented. The Corporate Communications Policy supports the concepts established in the Employee Standards of Conduct, which address employee conduct, including harassment whether sexual, racial, religious or ethnic. The policy also discusses liable and slanderous content and the organization's position on such behavior.


MORE INFORMATION ON POLICIES:


The Corporate Communications Policy, typically owned by the Public Relations group, also addresses requests for information from outside the organization. This will include media requests, as well as the representation of the organization by speaking at or submitting white papers for various business-related conferences or societies.

Work Place Security – This policy addresses the need to provide employees with a safe and secure work environment. The need to implement sound security practices to protect employees, the organization's property and information assets is established here. Included in this policy are the basic security tenants of authorized access to the facility, visitor requirements, property removal and emergency response plans, including evacuation procedures.

Business Continuity Plans – For years this process was relegated to the Information Technology department and consisted mainly of the IT disaster recovery plan for the processing environment. The proper focus for this policy is the establishment of business unit procedures to support restoration of critical business process, applications and systems in the event of an outage.

The Business Continuity Plan Policy includes the following requirements for business units:

  • Establish effective continuity plans
  • Conduct business impact analysis for all applications, systems and business processes
  • Identify preventive controls
  • Coordinate the business unit BCP with the IT disaster recovery plan
  • Test the plan, and train employees on the plan
  • Maintain the plan to a current state of readiness

Thus, Business Continuity Planning establishes that each business unit and department has a responsibility to budget and develop contingency plans.

Next month, in the final installment of Tier-1 policies overview, we examine Procurement and Contracts, Records Management and Asset Classification Policies.

About the author
Tom Peltier has been an information security professional for more than twenty-five years. He has written books on information security policies and contributed to several books on CISSP preparation, and computer and data security.


 

This was first published in April 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.