Staff positions

  • 1 - Systems engineer
  • 2 - Auditor
  • 3 - Help desk
  • 4 - Server administrator (database, file, web, domain controller, mail, proxy)
  • 5 - Network engineer
  • 6 - Firewall, router administrator
  • 7 - Project manager
  • 8 - Purchasing agent
  • 9 - Contract writer
  • 10 - HR staff
  • 11 - Application developer
  • 12 - Application tester/approver
  • 13 - Depot staff
  • 14 - Computer security officer
  • 15 - Users and their managers
  • 16 - Training staff
  • 17 - Upper Management
  • Accounting
  • Marketing
  • Sales

Each policy should have someone responsible for ensuring that the policy is effective and in force. For example, purchasing agents can enforce purchasing policy by refusing to place purchases that do not comply with it. Without someone in that role, the policy is not enforceable.

  • Affects but awareness not required.
  • Must be aware
  • Must take specific action
  • # - Primarily responsible
  • * - Relates to their job (they are affected by it), excluding standard users; position 15 is used to indicate standard users.
  • ** - Must enforce, or part of their job includes direct activities affecting this area (must take action).
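
| Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Password Policy | 1** | 2** | 3* | #4** | 5 | 6* | 7* | 8 | 9 | 10 | 11** | 12** | 13 | 14** | 15* | 16** | 17 |
| Remote Access Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15* | 16** | 17 |
| Computer Training Policy | 1* | 2** | 3** | 4* | 5* | 6* | 7* | 8 | 9 | 10** | 11 | 12 | 13 | 14** | 15* | #16** | 17 |
| Acceptable Use Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10*- | 11 | 12 | 13 | #14** | 15** | 16** | 17 |
| User Privilege Policy | 1* | 2** | #3** | 4* | 5 | 6 | 7* | 8 | 9 | 10 | 11* | 12* | 13 | 14** | 15* | 16** | 17 |
| Privacy and Confidentiality Policy | 1** | 2** | 3 | 4** | #5** | 6** | 7** | 8 | 9** | 10** | 11** | 12 | 13 | 14** | 15* | 16** | 17 |
| Account Management Policy | 1 | 2** | 3 | #4** | 5 | 6 | 7 | 8 | 9 | 10** | 11* | 12 | 13 | 14* | 15** | 16* | 17 |
| Employee Termination Policy | 1 | 2** | 3 | 4** | 5 | 6 | 7 | 8 | 9 | #10** | 11* | 12 | 13 | 14* | 15** | 16* | 17 |
| Browser Configuration Policy | 1 | 2* | #3** | 4* | 5 | 6 | 7 | 8 | 9 | 10 | 11* | 12 | 13 | 14* | 15* | 16** | 17* |
| Employee Background Screening policy | 1 | 2** | 3 | 4 | 5 | 6 | 7 | 8 | 9 | #10** | 11 | 12 | 13 | 14 | 15** | 16 | 17 |
| Logon Banner Policy | 1 | 2** | 3 | #4** | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15* | 16** | 17 |
| Code of Ethical Conduct Policy | 1 | 2** | 3 | 4 | 5 | 6 | 7 | 8 | 9 | #10** | 11 | 12 | 13 | 14 | 15* | 16** | 17 |
| Internet Connection Policy | #1** | 2** | #3** | 4 | 5** | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15* | 16** | 17 |
| Approved Application Policy | 1** | 2** | #3** | 4* | 5 | 6 | #7** | 8* | 9 | 10 | 11 | 12 | 13 | 14** | 15** | 16** | 17 |
| Wireless Communication Policy | #1** | 2** | #3** | 4* | 5** | 6** | 7** | 8** | 9* | 10 | 11 | 12 | 13 | 14* | 15* | 16* | 17 |
| Network Documentation Policy | 1** | 2** | 3 | 4** | #5** | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | 17 |
| Network and Server Scanning Policy | 1 | 2** | 3* | 4** | 5** | 6** | 7* | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15 | 16 | 17 |
| Perimeter Security Policy | 1* | 2** | 3 | 4* | 5** | #6** | 7* | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Internet DMZ Equipment Policy | 1** (network projects) | 2** | 3 | 4 | #5** | 6** | 7** (network projects) | 8** | 9 | 10 | 11 | 12 | 13** | 14** | 15 | 16 | 17 |
| Router Security Policy | 1** (network projects) | 2** | 3 | 4 | 5** | #6** | 7** (network projects) | 8** | 9 | 10 | 11 | 12 | 13** | 14** | 15 | 16 | 17 |
| Telecommunications Communication Policy | 1 | 2** | 3 | 4 | #5** | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Surf Control Policy | 1 | 2** | 3 | 4** | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15* | 16 | 17 |
| Asset Control Policy | 1 | 2** | 3* | 4 | 5 | 6 | #?7 | #8** | 9 | 10 | 11 | 12 | #13** | 14 | 15* | 16 | 17 |
| Equipment and Media disposal | 1 | 2** | #3** | 4 | 5 | 6 | #?7 | 8 | 9 | 10 | 11 | 12 | #13** | 14** | 15 | 16 | 17 |
| Mobile computer/device policy | 1 | 2** | #3** | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15** | 16 | 17 |
| IT equipment purchase and failure prevention policy | #1** | 2** | 3 | 4 | 5 | 6 | 7** | 8** | 9 | 10 | 11 | 12 | 13** | 14 | 15 | 16 | 17 |
| Software tracking policy | 1 | 2** | 3 | 4** | 5 | 6 | 7 | #8** | 9 | 10 | 11** | 12 | 13** | 14 | 15* | 16 | 17 |
| Software Licensing Policy | 1 | 2** | 3 | 4 | 5 | 6 | #7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15** | 16 | 17 |
| Intellectual Property Rights Policy | 1 | 2** | 3 | 4 | 5 | 6 | #7** | 8** | 9 | 10 | 11 | 12 | 13** | 14 | 15 | 16 | 17 |
| Virus Protection Policy | 1 | 2** | #3** | #4** | 5** | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15* | 16 | 17 |
| Patch Management Policy | 1 | 2** | 3 | #4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15* | 16 | 17 |
| System Lockdown Policy | 1 | 2** | 3** | #4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Server Monitoring Policy | 1 | 2** | 3 | #4** | 5 | #6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Backup and Recovery Policy | 1 | 2** | 3* | #4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15* | 16 | 17 |
| Server Documentation Policy | 1* | 2** | 3* | #4** | 5** | 6** | 7* | 8 | 9 | 10 | 11* | 12 | 13 | 14* | 15 | 16 | 17 |
| Computer and Printer Naming Policy | 1* | 2** | 3** | #4** | 5** | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | 17 |
| IP Address Assignment Policy | 1* | 2** | 3** | #4** | 5** | #6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | 17 |
| Audit Trail Policy | 1 | 2** | 3 | #4** | 5 | #6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Authentication Mechanism Policy | 1** | 2** | 3* | #4** | 5 | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Computer Center Operations Policy | 1** | 2** | 3 | #4** | 5 | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| Computer Forensics Policy | 1 | 2** | 3** | 4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15 | 16 | 17 |
| Server Security Policy | 1 | 2** | 3 | #4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Workstation Configuration Policy | 1 | 2** | #3** | 4** | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15* | 16 | 17 |
| Email Policy | 1 | 2** | 3 | #4** | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15** | 16** | 17 |
| System Availability Policy | #1** | 2 | 3 | 4 | 5 | 6 | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| Server Setup and Configuration Policy | 1** | 2 | 3 | #4** | 5 | 6** | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17 |
| Certification and Accreditation Policy | 1 | 2** | 3 | 4** | 5 | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15 | 16** | 17 |
| Data Classification Policy | #1** | 2 | 3 | 4 | 5 | 6 | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15** (business owners) | 16 | 17 |
| Information Sensitivity Policy | 1** | 2** | 3* | 4** | 5** | 6* | #7** | 8 | 9 | 10 | 11** | 12 | 13 | 14** | 15** (business owners) | 16** | 17 |
| Risk Assessment Policy | 1 | 2** | 3 | 4* | 5* | 6* | #7** | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15* (business owners) | 16 | 17 |
| Database Passwords Policy | 1 | 2** | 3 | #4** | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15* | 16 | 17 |
| Encryption Policy | #1** | 2** | 3* | 4** | 5* | 6* | 7** | 8* | 9* | 10 | 11** | 12 | 13 | 14** | 15 | 16 | 17 |
| Application Implementation Policy | 1 | 2 | 3 | 4 | 5 | 6 | #7** | 8 | 9 | 10 | 11** | 12** | 13 | 14** | 15 | 16 | 17 |
| Incident Response Policy | 1 | 2** | 3** | 4** | 5** | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15* | 16* | 17 |
| Intrusion Detection Policy | 1 | 2** | 3* | 4** | 5** | 6** | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15 | 16 | 17 |
| Disaster Recovery Policy | 1** | 2** | 3* | 4** | 5** | 6** | #7** | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15** (business) | 16* communicate the plan | 17 |
| Third Party Identification Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7?** | 8** | #9** | 10 | 11 | 12 | 13 | 14 | 15** (business) | 16 | 17 |
| Physical Security Policy | 1 | #2** | 3 | 4* | 5* | 6* | 7 | 8 | 9 | 10 | 11 | 12 | 13* | 14 | 15 | 16 | 17 |
| Extranet Policy | 1 | 2 | 3 | 4 | #5** | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15* (business) | 16 | 17 |
| IT Steering Committee Policy | 1* | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | #?17**? |
| Insurance Purchase Policy | 1* | 2** | 3 | 4 | 5 | 6 | 7* | 8** | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | #17** |
| Segregation of Duties Policy | 1* | 2** | 3 | 4** | 5* | 6* | 7* | 8* | 9 | 10 | 11** | 12 | 13 | #?14** | 15 | 16 | #?17 |
| Change Management Policy | 1 | #2** | 3 | 4* | 5* | 6* | 7** | 8 | 9 | 10 | 11* | 12* | 13 | 14** | 15 | 16** | 17* |
| Auditing Policy | 1* | #2** | 3* | 4* | 5* | 6* | 7* | 8 | 9 | 10 | 11* | 12* | 13 | 14** | 15 | 16* | 17** |
| Third party IT Service Policy | 1 | 2** | 3 | 4 | 5 | 6 | 7** | 8 | #9** | 10 | 11 | 12** | 13 | 14 | 15 | 16* | 17* (business management) |
| Software Standards Policy | 1** | 2** | 3 | 4 | 5 | 6 | 7** | 8** | 9** | 10 | #11** | 12** | 13 | 14** | 15 | 16 | 17* (business management) |
| Business Continuity Policy | 1** | 2** | 3 | 4 | 5 | 6 | #7** | 8 | 9 | 10 | 11 | 12 | 13 | 14** | 15 | 16 | 17* (business management) |
| Development Life Cycle Policy | 1** | 2** | 3 | 4 | 5 | 6 | #7** | 8** | 9** | 10 | 11** | 12 | 13 | 14** | 15* | 16 | 17* (business management) |
| Technology and System Management Policy | 1 | 2 | 3 | 4* | 5* | 6 | 7 | 8* | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | #17** |
| Preventative Maintenance Policy | #1** | 2 | 3 | 4* | 5* | 6* | 7** | 8* | 9* | 10 | 11* | 12* | 13 | 14 | 15 | 16 | 17 |
| Technology Planning Policy | 1** | 2 | 3 | 4* | 5* | 6* | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | #17** |
| Acquisition and Maintenance Policy | 1* | 2 | 3 | 4 | 5 | 6 | 7* | #8** | 9* | 10 | 11 | 12 | 13 | 14 | 15 | 16 | #17** |
| Configuration Management Policy | 1 | 2** | 3 | 4* | 5* | 6* | #?7* | 8 | 9 | 10 | 11* | 12* | 13 | 14** | 15 | 16** | 17* |
| Contracting Policy | 1* | 2 | 3 | 4 | 5 | 6 | 7* | 8* | #9** | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| Supplier Policy | 1* | 2 | 3 | 4 | 5 | 6 | 7* | 8* | #9** | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| Cost Management Policy | 1 | 2 | 3 | 4 | 5 | 6 | #7*?* | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15* (business staff) | 16 | #17** (Accounting) |
| Communication Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16** | #17** |
| IT Organizational Policy | 1 | 2* | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10* | 11 | 12 | 13 | 14* | 15 | 16 | #17** |
| IT Budget Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | #17** |
| IT Human Resource Policy | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | #10** | 11 | 12 | 13 | 14 | 15* | 16** | #17** |
| External Requirements Policy | 1* | 2** | 3 | 4 | 5 | 6 | #7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15* | 16 | #17** (business management) |
| Customer Support Policy | 1 | 2** | #?3**? | 4 | 5 | 6 | 7 | 8 | 9 | 10* | 11 | 12 | 13 | 14 | 15* | 16** | 17** |
| Emergency Access Policy | 1 | 2** | 3 | 4* | 5* | 6* | 7 | 8 | 9 | 10 | 11 | 12 | 13 | #14** | 15 | 16 | 17** |
| Service Level Policy | 1** | 2** | 3 | 4 | 5 | 6 | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | #17** |
| Service Monitoring Policy | 1* | #2** | 3* | 4* | 5* | 6* | 7* | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | 17** |
| Internal Controls Policy | 1 | 2** | 3 | 4 | 5 | 6 | 7* | 8* | 9* | 10 | 11 | 12 | 13 | 14 | 15 | 16 | #17** |
| Service Reliability and Continuity Policy | #1** | 2** | 3 | 4 | 5 | 6 | 7** | 8 | 9 | 10 | 11 | 12 | 13 | 14* | 15 | 16 | 17** |
| Service Quality Policy | 1 | #2** | 3 | 4 | 5 | 6 | #7** | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17** |
| Quality Policy | 1* | 2** | 3* | 4* | 5* | 6* | #7** | 8 | 9 | 10 | 11* | 12* | 13 | 14* | 15 | 16* | 17** |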