Recently, I was reading a some samples of information security policies. Here is one example of a information security policy on access controls.

“Security procedures must be implemented to prevent unauthorized access to computers, network resources and data. Only employees of [Company] and contractors who have been briefed on the acceptable use policy of [Company] will be given access to the network. Managers shall decide the level of access for each employee. Final permission to access the network will be the responsibility of the Security Committee. Individuals will be issued a unique username. When an employee terminates employment, Personnel will notify the Security Committee and IT, and steps will be taken to disable that user’s accounts and access to internal and external networks. Account logon and logoff information will be recorded for security audits.”

My advise to company's is to read various sample policies and then adapt them to suit your own individual requirements.

Related Posts

Developing Information Security Policies
Concept of Digital Signatures
Simple Steps for Information Asset Protection
How to Manage Application Change Control