~4-page information security policy template on compliance.
Given the potential impacts of non-compliance with obligations imposed by information security-related policies, laws, regulations, standards, contracts, agreements etc., this policy specifies a three-pronged approach:
- Proactively monitor and assess applicable information security and privacy-related obligations imposed by laws, regulations, standards, contracts etc.;
- Fulfill obligations to protect information assets through compliance and enforcement actions as appropriate; and
- Insist that third parties comply with their obligations to protect information assets that are disclosed or provided to them, through further compliance and enforcement actions.
Compliance enforcement and reinforcement are complementary approaches: as well as penalising non-compliance, how about encouraging and rewarding compliance? Carrot and stick!
Delivered as an editable MS Word document, easily customized for your organization's specific needs.