~4-page information security policy template on compliance.
Given the potential impacts of non-compliance with information security-related legal, regulatory and contractual obligations, this policy specifies a three-pronged approach:
- Proactively monitor and assess applicable information security and privacy-related obligations;
- Fulfil the obligations through compliance, reinforcement and enforcement actions as appropriate; and
- Insist that third parties comply with their obligations to protect information disclosed or provided to them, through further compliance actions.
Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, how about encouraging and rewarding compliance? Carrot and stick!
Supplied as an MS Word document, readily customised for your organisation's specific situation.