A policy statement sets the rules and guidelines that an organization and its employees must follow to achieve a specific goal. A policy statement sets the tone and communicates the organization’s position and attitude on a subject, aligned with its mission, vision, core values, and operating environment. A policy outlines strategic intent and demonstrates executive leadership’s support and approval. A policy statement should provide a meaningful, clear, well-communicated, and consistently enforced message. In addition, it should support audit, legal, regulatory, and contractual requirements, as well as other expectations as designated by the organization.
This template policy aligns with the ASIS Security Awareness Standard, which is available in e-book and softcover formats, and aims to demonstrate an organization’s commitment to developing and maintaining a security awareness program. This policy should be reviewed and updated regularly, and whenever the risk environment changes, to reflect ongoing risk management improvements.