An ISO27001 compliant Information Security Policy
- Proposals: 2
- Remote
- #1277944
- Awarded
Description
Experience Level: Expert
Kind of writing: Technology
Num. of articles: 1
Industry: Technology
Topic: Information Security Policy
Tone: Formal/Professional
Outline & Structure: The context is a general information security policy for an organisation that houses confidential personally identifiable data. This can be for data processing reasons (analytics) or an honest broker.
Attached is guidance on information security policy based around ISO 27001 as well as an example of how one looks. It is not expected that the specimen policy is copied. Please use this guidance but extend it to cover the items below:
Describe monitoring of confidential data access
- All staff members with the potential to access confidential personal information have been informed that monitoring and auditing of access is being carried out, of the need for compliance with confidentiality and security procedures and the sanctions for failure to comply. Staff might be informed through team meetings, awareness sessions, staff briefing materials, or staff may be provided with their own copy of the procedures
Cover sign off process for said policy
- All documentation includes revision history and provenance for commits (including author and sign off authority) to publishable branches.
Cover responsibility for confidentiality audit
- Describe owner's role and cover monitoring and auditing access to confidential personal information
- Clearly highlight owner of documentation and owner of audit process -- including supporting staff
Document flows of confidential information
- Flows of confidential data during business operations
Cover review of purposes utilising confidential information
- Monthly review for all purposes supported by confidential personal information and the legal basis for each is covered in this policy
Cover responsibility for information governance Training and owner
- Describe who is responsible for training staff and partners about information governance
Explicit clause about revision of policy
- Policy review every month but annual review includes baselining against updated regulations, standards and the output of various audits.
Extensive research needed: no
Extra notes:
Elijah C.
- 100% (2)
- Projects Completed: 1
- Freelancers worked with: 4
- Projects awarded: 100%
- Last project: 27 Sep 2016
- United Kingdom
Clarification Board
Do you have an idea for what scale document or output you require?
Elijah C. (09 Sep 2016): yup please see specimen in attached PDF
Francis E. (09 Sep 2016): OK - I performed security systems Audit as part of the Bank of England's review of practices and am Deloitte trained in systems review. There are those that say that they know IT inside and out, I'm more of a generalist Elijah.
If I can offer you a fair price I will but you may want to go with an IT trained person rather than one that's control environment trained, but I'm happy that I could complete the application for you.