Information Security Policy
- Acceptable Use Policy (AUP) 1
- Access ControlPolicy (ACP) 1
- Change Management Policy. 2
- Information Security Policy. 2
- Incident Response (IR) Policy. 2
- Remote Access Policy. 2
- Email/Communication Policy. 2
- Disaster Recovery Policy. 2
- Business Continuity Plan (BCP) 3
The AUP stipulates the constraints and practices that an employee using Gebe-5 IT assets must agree to in order to have access to the Gene-5 network or cloud. It is standard onboarding policy for new employees. They are given an AUP to read and sign before being granted a network ID.
The ACP outlines the access available to employees in regard to an organization’s data and information systems. Included are:
- Access control standards
- Operating system software controls
- Complexity of corporate passwords.
- Monitoring of access and use of corporate systems
- Securing unattended workstations
- Access is removal when an employee leaves the organization
3. Change Management Policy
A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers.
Gene-5’s information security policy is a high-level policy that covers a large number of security controls. The primary information security policy is issued by Gene-5 to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines.
The incident response policy describes gene-5’s approach to how the company will manage an incident and remediate the impact to operations. The goal of this policy is to describe the process of handling an incident with respect to limiting the damage to business operations, customers and reducing recovery time and costs.
The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to Gene-5’s internal networks. This may include a policy addendum with rules for the use of Bring Your Own Device (BYOD) assets.
Gene-5’s email policy outlines how employees can use the business’ chosen electronic communication medium. This policy covers email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to Gene-5 employees on what is considered the acceptable and unacceptable use of any corporate communication technology.
An organization’s disaster recovery plan will generally include both cybersecurity and IT teams’ input and will be developed as part of the larger business continuity plan. The CISO and teams will manage an incident through the incident response policy. If the event has a significant business impact, the Business Continuity Plan will be activated.
9. Business Continuity Plan (BCP)
The BCP will coordinate efforts across the organization and will use the disaster recovery plan to restore hardware, applications and data deemed essential for business continuity. The BCP describes how the organization will operate in an emergency.