Sample Information Security Program Charter:
This Information Security Program Charter serves as the capstone document for the Information Security Program. Information Security policies define Information Security objectives in topical areas. Information Security standards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards.
The Information Security Program will reduce vulnerabilities by developing Information Security policies to assess, identify, prioritize, and manage vulnerabilities. The management activities will support organizational objectives for mitigating the vulnerabilities, as well as the development and use of metrics to gauge improvements in vulnerability mitigation.
The Information Security Program will counter threats by developing Information Security policies to assess, identify, prioritize, and monitor threats. The monitoring activities will support organizational objectives for deterring, responding to, and recovering from threats. The monitoring activities will also support the development and use of metrics to gauge the level of threat activity and the effectiveness of the Company's threat detection and response capabilities.
The Information Security Program will ensure that the Information Security Program Charter and associated policies, standards, guidelines, and procedures are properly communicated and understood by establishing a Security Awareness Program to educate and train the individuals, groups, and organizations covered by the scope of this Information Security Program Charter.
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.