~4-page information security policy template on compliance and conformity.
Given the potential impacts of non-compliance with information security-related legal, regulatory and contractual obligations, or non-conformity with discretionary requirements, this policy specifies a three-pronged approach:
- Proactively monitor and assess applicable information security and privacy-related obligations;
- Fulfil the obligations through compliance/conformity, reinforcement and enforcement actions as appropriate; and
- Insist that third parties comply with their obligations to protect information disclosed or provided to them, through further compliance actions.
Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, we recommend encouraging and rewarding compliance. Carrot and stick!
Supplied as an MS Word document, readily customised for your organisation's specific situation.