Security Management Guide (G06.24+, H06.03+)
Sample Policies
Security Management Guide—522283-008
A-2
Sample Policy 2
2. All employees shall comply with the security requirements set forth by the
Information Security Group.
3. Adherence to this policy shall be monitored by the EDP Audit Group. The EDP
Audit Group shall issue periodic reports detailing the level of conformance to
security requirements and issue exception reports whenever a serious violation
occurs. Management shall be responsible for any corrective action recommended
by the EDP Audit Group.
Review
This policy shall be subject to periodic review.
Sample Policy 2
Corporate Information Security Policy
The goal of the information security procedures within the company is to protect all
forms of information, regardless of storage medium, from corruption and unauthorized
disclosure.
The Information Security Group shall establish procedures to limit information access
to only employees who need the information to perform their duties.
The Information Security Group shall communicate applicable security procedures to
all employees of the company to such an extent that the employees have a working
knowledge of these procedures.
All employees are responsible for adhering to the security procedures established by
the Information Security Group.