Information protection policy
Information protection policy is a document which provides guidelines to users on the processing, storage and transmission of sensitive information. Main goal is to ensure information is appropriately protected from modification or disclosure. It may be appropriate to have new employees sign policy as part of their initial orientation. It should define sensitivity levels of information.
- Should define who can have access to sensitive information.
- Should define how sensitive information is to be stored and transmitted (encrypted, archive files, unencoded, etc.).
- Should define on which systems sensitive information can be stored.
- Should discuss what levels of sensitive information can be printed on physically insecure printers.
- Should define how sensitive information is removed from systems and storage devices.
- Should discuss any default file and directory permissions defined in system-wide configuration files.