|Version: 1.00||Issue Date: 10/27/2015|
This Communication Policy will help ensure that all organizational policies are communicated effectively and staff members are aware of them.
This Communication Policy requires that all organizational policies be communicated in an effective manner and users are trained about policies.
This Communication Policy applies to management, trainers, and all those who create policies. This policy is effective as of the issue date and does not expire unless superceded by another policy.
4.0 Security Policy Awareness and Training
All organizational policies must be communicated in written form and through training to all users and organizational members (including contractors) that they apply to.
A communication program to inform members of the information technology department and end users about organizational policies and security policies and issues must be created.
Communication programs and plans must consider awareness techniques including training sessions, newsletters, intranet web sites, e-mail, voice mail, bulletins, posters, and user guides.
Communication programs should train users and information technology staff about policies, procedures, and additional requirements which relate to their jobs, organizational policies, organizational requirements, and computer security. Programs should consider information needed by those who design, develop, implement, maintain, or administer systems or software.
All new users must be educated about security policies before they are allowed to have access to information technology resources.
Computer security awareness training should include but not be limited to:
The Code of Ethics Policy and how it applies to them.
Privacy and Confidentiality Policy which provides guidance about how data should be handled.
Computer Training Policy and all items covered by this policy including the user's responsibility for understanding this material and the possible damage that can result from a successful exploit.
Acceptable Use Policy which defines the proper use of information technology resources.
Incident Response Policy and procedures which defines how security incidents will be handled including prompt response and resolution.
General security requirements of the organization and for specific jobs.
The users should be regularly reminded about what the code of ethical conduct requirements are.
Users of information technology resources should be informed about how to reach the help desk, how to get service, and the service they can expect.
All policies must be posted and readily available on the organizations intranet site.
Since following the Communication Policy is important for the welfare of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.
12.0 Other Policies
Code of Ethics Policy
Privacy and Confidentiality Policy
Computer Training Policy
Acceptable Use Policy
Incident Response Policy
13.0 Additional Requirements
Approved by:__________________________ Signature:_____________________ Date:_______________