How to create an enterprise-wide portal policy
Implementing a portal policy can protect an organization from legal woes. Learn the standards and guidelines to create an effective enterprise-wide portal policy.
This commonly occurs when someone within a company writes their own policy terminology, posts it on a Web page or at the bottom of their email signature and doesn't communicate with the organization's legal council on the matter. A company should also have a privacy statement on its site that is validated by their lawyers to ensure that a misstatement is not used because it could be detrimental to the company down the road.
NIST has developed the following standard pertaining privacy policies:
- http://www.nist.gov/public_affairs/privacy.htm
Privacy portal policy examples:
- https://www.ftc.gov/site-information/privacy-policy
- http://www.aging.state.ca.us/CDA_Privacy_Policy.html
- http://about.aol.com/aolnetwork/aol_pp
You may be referring to another type of policy that outlines what can be posted on a portal, who is allowed to submit items to it, how the submissions should be supplied and approved, and what types of items management will not allow on the portal, etc.
I am not familiar with any specific standard on this type of policy. It would just be an issue-specific policy with the focus of what can and cannot be done to the company portal, who can do it and what the ramifications for non-compliance are. I have listed some issue-specific policy resources below.
If you are looking for a good example on a portal policy, please review the following site: http://security.sdsc.edu/policy/PortalPolicy.html. This may encompass what you are trying to accomplish with this type of policy.
Issue-specific policy resources:
- http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter5-printable.html
- http://www.ncisse.org/publications/cissecd/Papers/S2P02.pdf
- http://www.windowsecurity.com/whitepaper/Computer_and_Information_Security_Policy_.html
- http://www.infosecwriters.com/text_resources/policies/Issue_Specific_antivirus1.doc
- https://www.sans.org/y2k/sec_policy.htm#6
For More Information:
- Learn how to create and manage security policies.
- Learn how to comply with privacy regulations.