Information Security Policy Summary
U.S .Colo is engaged in providing services which use information and information systems accessible through the internet. As such, they are vulnerable to security breaches that may cause service interruption, compromise privacy and expose the company to financial loss and many other risks. US Colo must create a framework of policies and procedures that safeguard the confidentiality, integrity and availability of its information assets from any form of threat, such as: fraud, error, embezzlement, sabotage, terrorism, extortion, industrial espionage, privacy violation, service interruption and natural disaster.
U.S. Colo must also define the mechanisms used to help identify and prevent the compromise of information assets, and establish a company-wide approach and security stance to protect it.
These policies and procedures must define the security guidelines for expected user behavior, including company standards and best practices. They must define the consequences of violations, while ensuring full compliance with all applicable legislation and regulations. And they must provide a means to perpetually evolve over time.
U.S. Colo management will ensure all information and information systems are protected in a manner commensurate, or superior to, current industry standards. To achieve this objective, annual U.S. Colo information and information systems “risk reviews” will be conducted. Similarly, whenever a major security incident indicates the security information system is deficient, management must promptly take immediate action to reduce U.S. Colo’s exposure and quickly modify current company policy. Annual reports reflecting U.S. Colo’s information security status and progress must be prepared and submitted to the Operations Manager.
Information Security requires the participation and support of everyone. All U.S. Colo employees, consultants, contractors, agents and associates will be provided with sufficient training and supporting reference materials to allow proper protection and management of U.S. Colo’s information assets. Training materials should communicate the importance of “information security” in running U.S. Colo, and must be viewed like any other on-going business function, such as accounting or marketing. Training and documentation with respect to information security is the responsibility of the IT department.
The IT department will provide guidance, direction and authority as regards information security activities. Also the IT department is responsible for establishing and maintaining information security policies, standards, guidelines and procedures. Compliance checking to ensure that organizational units are operating in a manner consistent with these requirements is the responsibility of the IT Department, as is any investigation of system intrusion or other information security incident.
To learn more about this policy, please contact us at firstname.lastname@example.org.