This sample policy outlines the standards for applying separation of duties to protect a company’s information assets.

In this sample, information systems security administration should be based on the principle of separation of duties. This policy applies to all information systems administrators, including all platforms, LAN, client/server and email administrators. All company information security policies will be created, maintained and reviewed in accordance with the enterprise information security policy. This document addresses the acceptable practices with regard to planning, managing and implementing a company’s physical security.