4-page generic policy about compliance, including enforcement, both by the organization and by relevant third parties.
Given the potential impacts of non-compliance with obligations imposed by information security-related policies, laws, regulations, standards, contracts, agreements etc., this policy specifies a three-pronged approach:
- Proactively monitor and assess applicable information security and privacy-related obligations imposed by laws, regulations, standards, contracts etc.;
- Fulfill obligations to protect information assets through compliance and enforcement actions as appropriate; and
- Insist that third parties comply with their obligations to protect information assets that are disclosed or provided to them, through further compliance and enforcement actions.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Compliance and enforcement policy
Template policy on compliance
See also the policies on:
- Incident reporting
- Incident management
- Digital forensics
- Privacy compliance