Information Security Policy

Definition

A high-level governance document that states what the organisation intends to achieve in protecting information, assigns accountability to named roles, and sets the scope of the security programme. It is approved by senior management or the board. It does not contain technical configuration detail; that belongs in the standards and procedures that sit beneath it.

Related terms

Document control
The systematic management of all procedural documents in a quality management system, ensuring that the current approved version is in use, all...
Operating effectiveness
The assessment of whether a control has consistently functioned as designed over the audit period. Requires evidence of actual operation, such as...
Policy Exception
A formal, time-bounded approval to deviate from a policy or standard requirement when the standard control is not achievable. Exceptions must be...
Procedure
A step-by-step operational instruction that tells a specific role how to carry out a task in conformance with the relevant standard. Procedures...
Standard
A document that translates a policy requirement into specific, measurable criteria. For example, a password policy may require strong authentication; the accompanying...

Explained in

  • Information Security Policy Hierarchy: A high-level governance document that states what the organisation intends to achieve in protecting information, assigns accountability to roles, and sets the...
