Security Policies

Many government departments are required to produce and maintain Accreditation Document Sets (ADS), which detail the life of all your Information, Communication and Technology (ICT) devices during their service. Information held comprises the specifications of your equipment and the location, owner and other essential information including its eventual removal and replacement.

If you are about to embark on an Information Assurance accreditation to British or International Standards, namely ISO/IEC 27001:2005 (formerly BS 7799), you will be aware that all your documentation will be part of your Information Security Management System (ISMS). Depending on the size of your organisation, this document can be very lengthy and time-consuming to complete; typically, it can take up to 18 months.

Security policies and procedures are an essential element of your organisation’s Information Security Management System (ISMS). Legislation in the UK, such as the Computer Misuse Act 1990, the Freedom of Information Act 2000 and the Data Protection Act 1998, require that organisations implement data security measures to prevent unauthorised or unlawful processing and accidental loss or damage to data pertaining to living individuals.

Your Statement of Applicability will form part of your Information Security Management System (ISMS); it details what is covered in your ISMS, what is not covered and why.