Information Security Policy

5. Protection of Information Systems and Assets

Having completed a risk assessment, departments should draw up their own information security policy, setting out appropriate controls and procedures, in accordance with the Toolkit. Information owners must be satisfied that the controls will reduce any residual risk to an acceptable level.

Confidential information should be handled in accordance with the requirements set out in section 6 below.

Up: Contents Previous: 4. Risk Assessment and the Classification of Information Next: 6. Protection of Confidential Information

Document Links:

1. Purpose
2. Aims and Committments
3. Responsibilities
4. Risk Assessment and the Classification of Information
5. Protection of Information Systems and Assets
6. Protection of Confidential Information
7. Compliance