Sample Security Awareness Policy ISO 27001


Security Awareness Policy

3.0 Security Awareness Policy

A. Purpose

The purpose of this document is to keep employees, contractors, consultants, and interns of Tripura State Data Center up to date on the rapid changes and developments in the world of Information Security.

B. Scope

This policy applies to every person who works for or with Company A, regardless of position, including contractors, vendors, consultants, and interns.

C. Policy

C-1. IT management at is required to provide all employees with at least one annual training workshop on issues related to security awareness. The Chief Information Security Officer is responsible for delivering the workshop.

C-2. All persons are required to attend at least one Information Security workshop session once a year.

C-3. The responsibilities of the Chief Information Security Officer in terms of security awareness do not end with delivering the workshop to users, as further actions may be required. These include the publication of posters, authoring of a monthly email letter, design of screen savers, or the distribution of brochures, all geared towards increasing Information Security awareness in the work environment.

C-4. All new hires must be given the up-to-date Information Security publications at the time of their hiring, along with the employee handbook and other standard material dispensed by HR to new hires.

C-5. All existing employees must maintain their knowledge of Information Security updates by constantly looking up the latest additions and modifications to the Information Security Policies published or distributed by the company.

C-6. HR has the responsibility to make sure that all new and existing employees sign and submit the Undertaking Acknowledgement Paper at the time of signing a new employment contract or renewing an existing one.

C-7. All team leaders, supervisors, section heads, department managers, division directors, and everyone else with a supervisory role that entails evaluation of employees have the responsibility to score employees on their satisfaction of the Information Security Awareness requirement during annual, biannual, or quarterly reviews and assessments of employee performance.


C-8. Further to published Information Security policies and general related material distributed by the company, all queries, questions, and concerns by employees must be addressed with the Chief Information Security Officer.

C-9. Pleading ignorance does not constitute a valid excuse for evading responsibility for the consequences of problems related to lack of compliance with Information Security Awareness requirements.

D. Enforcement

Disciplinary action will be taken in case of Security Awareness Policy violation, which may range from verbal reprimand to final termination of employment, depending on the severity and seriousness of the violation. Considering the nature of internet activities, there may be a tendency for most violations to be serious, and therefore most cases may result in disciplinary actions that lean closer to the heavy-handed side.

E. Responsibility

All employees, contractors, consultants, vendors, and interns using IT resources have the responsibility to follow this policy.
