Sample Asset Management Policy:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:


==Objectives==
==Objectives==
The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the System Development Life Cycle Standard.<br>
The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the [[Sample_System_Development_Life_Cycle_Standard:|'''System Development Life Cycle Standard''']].<br>
<br>
<br>
The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the Configuration Management Standard.<br>
The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the [[Sample_Configuration Management Standard:|'''Configuration Management Standard''']].<br>
<br>
<br>
All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the Change Control Certification Process Manual Standard.<br>
All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the [[Sample_Life_Cycle_Management_Standard:|'''Change Control Certification Process Manual Standard''']].<br>
<br>
<br>
All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the System Development Life Cycle Standard.<br>
All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the [[Sample_System_Development_Life_Cycle_Standard:|'''System Development Life Cycle Standard''']].<br>
<br>
<br>
==Document Examples==
==Document Examples==
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br>
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br>
Line 20: Line 21:
Image:Asset Management Standard(3).png|Asset Management Standard page four of six.
Image:Asset Management Standard(3).png|Asset Management Standard page four of six.
Image:Asset Management Standard(4).png|Asset Management Standard page five of six.
Image:Asset Management Standard(4).png|Asset Management Standard page five of six.
Image:Asset Management Standard(4).png|Asset Management Standard page six of six.
Image:Asset Management Standard(5).png|Asset Management Standard page six of six.
</gallery>
</gallery>
[[File:Asset Management Standard.png]]
[[File:Asset Management Standard(1).png]]
[[File:Asset Management Standard(2).png]]
[[File:Asset Management Standard(3).png]]
[[File:Asset Management Standard(4).png]]
[[File:Asset Management Standard(5).png]]

Latest revision as of 17:40, 14 January 2014

Sample Asset Management Standard

The Asset Management Standard defines Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets. Company information assets are defined in the Sample Asset Identification and Classification Standard.

Objectives

The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the System Development Life Cycle Standard.

The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the Configuration Management Standard.

All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the Change Control Certification Process Manual Standard.

All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the System Development Life Cycle Standard.

Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.