Organizations can use this sample policy to protect and manage information assets and communication networks.
Sample procedures include documenting deficiencies; documenting the group’s plan to close identified gaps; documenting new business unit procedures and practices; determining the appropriate distribution or access for business unit procedures; allocating funds and resources toward closing identified gaps; defining appropriate requirements to ensure the availability, confidentiality and integrity of the information; documenting the responsibilities of the system or application manager; and complying with all relevant laws and regulations.