Information Security Policy

  1. Acceptable Use Policy (AUP) 1
  2. Access ControlPolicy (ACP) 1
  3. Change Management Policy. 2
  4. Information Security Policy. 2
  5. Incident Response (IR) Policy. 2
  6. Remote Access Policy. 2
  7. Email/Communication Policy. 2
  8. Disaster Recovery Policy. 2
  9. Business Continuity Plan (BCP) 3



1. Acceptable Use Policy (AUP)

The AUP stipulates the constraints and practices that an employee using Gebe-5 IT assets must agree to in order to have access to the Gene-5 network or cloud. It is standard onboarding policy for new employees. They are given an AUP to read and sign before being granted a network ID.


2. Access Control Policy (ACP)

The ACP outlines the access available to employees in regard to an organization’s data and information systems. Included are:

  • Access control standards
  • Operating system software controls
  • Complexity of corporate passwords.
  • Monitoring of access and use of corporate systems
  • Securing unattended workstations
  • Access is removal when an employee leaves the organization



3. Change Management Policy

A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers.


4. Information Security Policy

Gene-5’s information security policy is a high-level policy that covers a large number of security controls. The primary information security policy is issued by Gene-5 to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines.


5. Incident Response (IR) Policy

The incident response policy describes gene-5’s approach to how the company will manage an incident and remediate the impact to operations. The goal of this policy is to describe the process of handling an incident with respect to limiting the damage to business operations, customers and reducing recovery time and costs.


6. Remote Access Policy

The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to Gene-5’s internal networks. This may include a policy addendum with rules for the use of Bring Your Own Device (BYOD) assets.


7. Email/Communication Policy

Gene-5’s email policy outlines how employees can use the business’ chosen electronic communication medium. This policy covers email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to Gene-5 employees on what is considered the acceptable and unacceptable use of any corporate communication technology.


8. Disaster Recovery Policy

An organization’s disaster recovery plan will generally include both cybersecurity and IT teams’ input and will be developed as part of the larger business continuity plan. The CISO and teams will manage an incident through the incident response policy. If the event has a significant business impact, the Business Continuity Plan will be activated.

9. Business Continuity Plan (BCP)

The BCP will coordinate efforts across the organization and will use the disaster recovery plan to restore hardware, applications and data deemed essential for business continuity. The BCP describes how the organization will operate in an emergency.