This sample report records the result of an evaluation of communications security policies and procedures at an organization.

Information security policies and procedures should represent the foundation upon which companies construct their information security programs. Information security policies serve as overarching guidelines for the use, management and implementation of information security throughout an organization. The corresponding information security procedures serve to define specific operational steps and practices that companies should follow in order to support the organization’s approach to information security as defined by the policy statements.