Information security program policy

As the name suggests, this type of policy establishes the organizational information security program. These policies set the strategic direction for the organization and assign specific resources and roles to establish and implement the information security program.

The information security program policy includes the program purpose, program scope, addresses compliance requirements, and assigns who is responsible for the information security program.