Cybersecurity

Information Security Policy

Acronym : ISSP

The Information Security Policy is the reference document that formalizes an organization's security rules, principles and responsibilities. It is the foundation on which every technical and organizational control is later built.

Why it matters

Without a written policy approved by leadership, security relies on informal practices that are hard to audit or enforce when an incident or an audit occurs.

Concrete example

A company defines its password policy, personal device usage rules and incident reporting procedure within its information security policy.

Related notions

IT charterSecurity policyIT governance

Assess your organization's maturity on this topic

Start the diagnostic
Back to glossary