There are three main parts to the policy. First, the introduction to the policy puts the document in context, provides for key contact information and identifies the role of employees and and contractors. Second, the policy sets out some specific cyber security requirements which all personnel should adhere to. These incldue requirements relating to passwords, the circumvention of security measures, reporting security breaches, use of non-company devices for connecting to company systems, software installation and risky internet behaviour. Third, the policy identifies the types of action which will constitute system misuse – which may constitute a disciplinary issue.
It should be stressed that this simple policy is not suitable for more complex organisations.
Alternative cyber security policies
We supply a range of cyber security documents on our ecommerce websites, Website Contracts and Docular.