[organization logo]

[organization name]

INFORMATION SECURITY POLICY

Code:
Version:
Date of version:
Created by:
Approved by:
Confidentiality level:

©2013 This template may be used by clients of [...] in accordance with the License Agreement.

[organization name]    [confidentiality level]

Change history

Date | Version | Created by | Description of change
01/10/2013 | 01 | Dejan Kosutic | Basic document outline

Table of contents

1. PURPOSE, SCOPE AND USERS
2. REFERENCE DOCUMENTS
3. BASIC INFORMATION SECURITY TERMINOLOGY
4. MANAGING THE INFORMATION SECURITY
4.1. Objectives and measurement
4.2. Information security requirements
4.3. Information security controls
4.4. Business continuity
4.5. Responsibilities
4.6. Policy communication
5. SUPPORT FOR ISMS IMPLEMENTATION
6. VALIDITY AND DOCUMENT MANAGEMENT

1. Purpose, scope and users

The aim of this top-level Policy is to define the purpose, direction, principles and basic rules for information security management.

This Policy is applied to the entire Information Security Management System (ISMS), as defined in the ISMS Scope Document.

Users of this document are all employees of [organization name], as well as relevant external parties.

2. Reference documents

* ISO/IEC 27001 standard, clauses 5.2 and 5.3
* ISMS Scope Document
* Risk Assessment and Risk Treatment Methodology
* Statement of Applicability
* List of Legal, Regulatory and Contractual Obligations
* [Business Continuity Policy]
* [Incident Management Procedure]

3. Basic information security terminology

Confidentiality - [...] or systems.

Integrity - [...] systems in an allowed way.

Availability - [...] when it is needed.

Information security - [...]

Information Security Management System - [...] the information security.

4. Managing the information security

4.1. Objectives and measurement

General objectives for the information security management system are the following: creating [...] reviewing these general ISMS objectives and setting new ones.

Objectives for individual security controls or groups of controls are proposed by [list job functions [...] Statement of Applicability.

All the objectives must be reviewed at least once a year.

[organization name] will measure the fulfillment of all the objectives. [job title] is responsible for [...] report them to [top management] as input materials for the Management review.

4.2. Information security requirements

This Policy and the entire ISMS must be compliant with legal and regulatory requirements relevant to [...] is provided in the List of Legal, Regulatory and Contractual Obligations.

4.3. Information security controls

[...] the Risk Assessment and Risk Treatment Methodology.

[...] the Statement of Applicability.

4.4. Business continuity

[...] the Business Continuity Management Policy.

4.5. Responsibilities

Responsibilities for the ISMS are the following:

* [job title] is responsible for ensuring [...] to this Policy, and for [...] available
* [...] about the performance of the ISMS
* [top management] must review the ISMS at least once a year or each time a significant [...]
* [job title] will implement [...] employees
* the protection of [...] the owner of each asset
* [...] must be reported to [job title]
* [job title] will define [...] to which interested party (both internal and external), by whom and when
* [job title] [...] Training and Awareness Plan, [...] information security management

4.6. Policy communication

[job title] has to ensure [...] parties are familiar with this Policy.

5. Support for ISMS implementation

Hereby the [job title or top management body in the scope of the ISMS] declares that ISMS [...] achieve all objectives set in this Policy, as well as satisfy all identified requirements.

6. Validity and document management

This document is valid as of [date].

The owner of this document is [job title], who must check and, if necessary, update the document at least once a year.

When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:

* [...] with this document
* non-compliance of the [...] internal documents of the organization
* ineffectiveness of [...]
* unclear [...]

[job title]
[name]

[signature]
