2023 IT Examiner School

Internal Use Only

Implement Policies, Procedures, Standards  Provide guidance  Define appropriate behaviors  Can take various shapes/formats  Updated and supplemented as required

 Key policies should be reviewed & approved annually  Employee acknowledgement to abide by them, when hired  Annual awareness training & testing for knowledge

Internal Use Only

Information Security Program

Policy

Standards

Procedures

Must be technically feasible and enforceable MUST have commitment from HIGHEST level of management Must have input from technical staff and users