This policy and the entire information security program must be compliant with legal and regulatory requirements as well as with contractual obligations relevant to the organization.
All employees, contractors, and other individuals subject to the organization’s information security policy must read and acknowledge all information security policies.
The process of selecting information security controls and safeguards for the organization is defined in reference (a).
The organization prescribes guidelines for remote workers as part of the Remote Access Policy (reference (b)).
To counter the risk of unauthorized access, the organization maintains a Data Center Security Policy (reference (c)).
Security requirements for the software development life cycle, including system development, acquisition, and maintenance, are defined in the Software Development Lifecycle Policy (reference (d)).
Security requirements for handling information security incidents are defined in the Security Incident Response Policy (reference (e)).
The disaster recovery and business continuity management policy is defined in the Disaster Recovery Policy (reference (f)).
Requirements for information system availability and redundancy are defined in the System Availability Policy (reference (g)).