The General Data Protection Regulation (GDPR) requires you to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. Having internal policies catering for data security can help to demonstrate how your business is complying with the GDPR. But if you don’t currently have any such internal policies, where do you start?
Mercia has partnered with ADL Consulting to bring you a suite of 10 information security policy templates. These templates provide a useful start-point for any business looking to implement policies and procedures to ensure compliance with GDPR and help demonstrate your firm’s commitment to managing data safely and securely. All templates require tailoring to your business requirements and are provided in Microsoft Word to allow for full customisation.
The set contains:
Information Security Policy Statement
The purpose of this policy is to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental.
Acceptable Use Policy
The purpose of this policy is to outline the acceptable use of computer equipment at your firm. These rules are in place to protect the employee and the business. Inappropriate use exposes the firm to risks including malware attacks, compromise of network systems and services, and legal issues.
Access Control Policy
The purpose of this policy is to ensure that both logical and physical access to information and systems is controlled and procedures are in place to ensure the protection of information systems and data.
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.
Malware Protection Policy
The purpose of this policy is to explain the measures that your firm has taken to protect the business from malware, how that affects staff, and what is expected from staff.
The purpose of this policy is to explain where firewalls exist, how they should be configured, and who should be able to make changes to them.
Clear Desk Clear Screen Policy
The purpose of this policy is to establish the minimum requirements for maintaining a “clean desk” – where sensitive/critical information about employees, intellectual property, customers and vendors is secure in locked areas and out of sight.
Bring Your Own Device (BYOD) Policy
The purpose of this policy is to explain your firm’s requirements where those within scope wish to connect to your firm’s systems, or hold your firm’s data. It also explains how those within scope are expected to behave with respect to mobile devices in the workplace.
The purpose of this policy is to explain how backups are run and managed. It also describes the process for recovery in the event of accidental change or deletion, or in the event of a disaster.
Account Justification and Creation Policy (including an Account Justification Form)
The purpose of this policy is to explain the account justification process.
NOTE: These templates are for internal use only, and resale is strictly prohibited and a breach of copyright.
£50 plus VAT each
Whole suite of 10 templates: £450 plus VAT
10% discount for Members. All prices are subject to VAT.
You can place an order by clicking the blue order button above.
Alternatively call the Marketing Support team on 0116 258 1242 or email us at email@example.com.
Supplied in digital format and delivered to you by email within one working day of receipt of your order.
For more information on the GDPR, read our free download on What the GDPR means for businesses.
Information Security Policy Templates