Policy & Procedures
Policies and procedures are the documented mechanisms by which an organization operates, and people are trained to follow them. Policies and procedures lay the groundwork for how the organization will operate. A failure in, lack of, or deficiency in policies and procedures can lead to security risks for the organization. An organization’s policies and procedures are often the final protective or mitigating control against security breaches, and those policies and procedures should be examined closely to ensure that they are consistent with both the inherent business objectives and with secure operations.
To ensure the security of business operations, an organization must establish documented business rules for protecting information and the information systems that store and process it. These business rules must be a formal declaration of management’s intent to protect the organization’s information assets and ensure compliance with various security and privacy regulations. These business rules are often known as information security policy.
Security policy is usually a high-level definition of secure organizational behavior; having a security policy does not mean an organization is “secure”. Security policy paves the way for the development of secure operational guidelines or procedures that can be implemented to achieve the security policy objectives.
SYSUSA’s information security policy review and development process can help you evaluate your current security policies or develop new ones to ensure the security of your organization’s business operations.