Sample Security Awareness Accessibility Standard:
Document History
Version | Date | Revised By | Description |
1.0 | 1 January 2010 <Current date> | Michael D. Peters <Owner's name> | This version replaces any prior version. |
Document Certification
Description | Date Parameters |
Designated document recertification cycle in days: | 30 - 90 - 180 - 365 <Select cycle> |
Next document recertification date: | 1 January 2011 <Date> |
Sample Security Awareness Accessibility Standard
The <Your Company Name> (the "Company") Sample Security Awareness Policy defines objectives for establishing a formal Security Awareness Program, and specific standards for the education and communication of the Sample Information Security Program Charter and associated policies and standards.
This Security Awareness Accessibility Standard builds on the objectives established in the Sample Security Awareness Policy, and provides specific instructions and requirements for providing appropriate access to the Sample Information Security Program Charter and associated policies and standards.
I. Scope
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to and use of Company information or systems are covered by this standard and must comply with associated guidelines and procedures.
Users refer to all individuals, groups, or organizations authorized by the Company to access and use Company information and systems.
II. Requirements
- A. General
- The Company Information Security Program Charter and associated policies shall be posted on the corporate Intranet at <INSERT URL>.
- Departmental managers or Human Resources representatives shall provide Users without access to the corporate Intranet at <INSERT URL> with, or with access to, hardcopies of the Company Information Security Program Charter, associated policies, and applicable standards.
- 1. Users shall be provided access to the Company standards specified in the Sample New Hire Security Awareness Standard.
- 2. Managers shall be provided access to the Company standards specified in the Sample Management Security Awareness Standard.
- 3. Third party entities shall be provided access to the Company standards specified in the Sample Third Party Security Awareness Standard.
- 4. Access to Information Security policy documentation such as technical standards, baseline configurations, and detailed procedures shall be provided to, and limited to, Users who require it to meet an approved business need or perform prescribed job responsibilities.
- 5. Users shall be notified of changes, updates, and revisions to the Company Sample Information Security Program Charter, associated policies, and applicable standards.
III. Responsibilities
The Chief Information Security Officer (CISO) approves the Security Awareness Accessibility Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Security Awareness Accessibility Standard.
Company management is responsible for ensuring employees within their area of responsibility cooperate with Company security awareness and training efforts, and ensuring that employees within their area of responsibility have appropriate access to the Company Sample Information Security Program Charter and associated policies and standards.
IV. Enforcement and Exception Handling
Failure to comply with the Security Awareness Accessibility Standard and associated guidelines and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.
Requests for exceptions to the Security Awareness Accessibility Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Security Awareness Accessibility Standard.
V. Review and Revision
The Security Awareness Accessibility Standard will be reviewed and revised in accordance with the Sample Information Security Program Charter.
Approved: _______________________________________________________
- Signature
- <Insert Name>
- Chief Information Security Officer