A 3½-page generic information security policy about the privileges needed to install, use and manage IT systems.
Controlling access to and use of privileged user identities is fundamental for IT systems security since most other technical system security controls can be overridden or disabled by privileged users. This policy explains how privileges are controlled according to the information risks associated with various IT and communications systems, devices, applications etc.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
IT systems privileges policy
Template policy on IT systems privileges
See also the security policies on:
- Information governance
- Information ownership
- Information risk management
- Information classification
- Trust
- Cybersecurity
- Insider threats
- Outsider threats
- Identification and authentication
- Access control
- Information security architecture and design
- IT systems development and acquisition
- Network security
- IT systems implementation
- Backups and archives
- Cloud computing
- Internet of Things
- Bring Your Own Device
- Change and configuration management
- Patching and updating software\
- Assurance
- Trust
- Monitoring and surveillance
- IT auditing
- Hacking
- Malware
- Social engineering
- Security awareness and training
The license covers internal use within a single organisation. Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.