An information security policy should ideally comply with ISO/IEC 27001. This standard provides best practice recommendations for information security management. The security policy should be defined as part of an organisation's ISO/IEC 27001 Information Security Management System (ISMS).
A security policy that complies with the standard ISO/IEC 27001 should contain the following contents.
The suggested contents for an Information Security Policy can be found in the following document.
Copyright © C.Stone 1996 - 2016