Sample Asset Management Policy:: Difference between revisions
No edit summary |
|||
| Line 3: | Line 3: | ||
==Objectives== | ==Objectives== | ||
The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the System Development Life Cycle Standard.<br> | The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the [[Sample_System_Development_Life_Cycle_Standard:|'''System Development Life Cycle Standard''']].<br> | ||
<br> | <br> | ||
The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the Configuration Management Standard.<br> | The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the [[Sample_Configuration Management Standard:|'''Configuration Management Standard''']].<br> | ||
<br> | <br> | ||
All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the Change Control Certification Process Manual Standard.<br> | All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the [[Sample_Life_Cycle_Management_Standard:|'''Change Control Certification Process Manual Standard''']].<br> | ||
<br> | <br> | ||
All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the System Development Life Cycle Standard.<br> | All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the [[Sample_System_Development_Life_Cycle_Standard:|'''System Development Life Cycle Standard''']].<br> | ||
<br> | <br> | ||
==Document Examples== | ==Document Examples== | ||
Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br> | Use these samples as a guide for your policy development. Fully customizable versions are available from [http://policy-machine.com The Policy Machine].<br> | ||
Revision as of 22:24, 13 January 2014
Sample Asset Management Standard
The Asset Management Standard defines Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets. Company information assets are defined in the Sample Asset Identification and Classification Standard.
Objectives
The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the System Development Life Cycle Standard.
The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the Configuration Management Standard.
All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the Change Control Certification Process Manual Standard.
All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the System Development Life Cycle Standard.
Document Examples
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.
-
Asset Management Standard page one of six.
-
Asset Management Standard page two of six.
-
Asset Management Standard page three of six.
-
Asset Management Standard page four of six.
-
Asset Management Standard page five of six.
-
Asset Management Standard page six of six.
.png)
.png)
.png)
.png)