Policy templates

An asset management policy provides a structured framework for managing an organization's assets to optimize performance, ensure compliance, and maximize value over the asset lifecycle. It outlines principles, responsibilities, and procedures to guide asset-related decision-making and resource allocation.

A vulnerability is a flaw or weakness, a design or implementation error, lack of updates in the light of existing technical knowledge, that can compromise the security of information technologies. A vulnerability can lead to an unexpected or unwanted event and be exploited by malicious third parties to violate the integrity, authenticity, confidentiality or availability of a system or to damage a system.  Therefore, it is vital that we eliminate as many known vulnerabilities as possible. For this, we need a good patch management system and vulnerability monitoring.

Passwords are often used to authenticate users. This document provides a policy on the use and implementation of passwords for confidential and critical information systems.

Network security within the organisation is important because it is your first defence against outside attacks. By implementing effective technical and organisational network security measures, you can prevent cybercriminals from mapping your infrastructure, disrupting your communications, unlawfully gathering data or reaching critical applications and devices

This Cybersecurity Policy defines the minimum requirements applicable to all departments within the organisation so that we protect one's intellectual property, commercial advantage and people from the consequences of poor Information Security and possible cyber-attacks.

This document contains guidelines and examples that organisations can follow to support the development of their own Cyber Incident Response Plan (CIRP). The template is not exhaustive. Each organisation's CIRP should be tailored to its unique operating environment, priorities, resources and constraints.

Critical information and information systems must be protected against data loss and data damage. Backup and recovery procedures enable us to restore information in case of disaster scenarios.  This policy provides organisations with some tools to develop a sound backup strategy.

Within an organisation, access management is an essential part of security that determines who has access to certain data, applications and other digital assets, and under what circumstances. This access management policy secures digital environments in the same way keys and guest lists secure physical spaces. It allows the organisation to verify that users are who they say they are, and that these users have been granted appropriate access, based on context such as device, location, function and more.

These 10 golden rules give a brief overview of what an organisation can consider to start communication and implementation around cyber security.