User Information Security Policy
Thorough User Information Security Procedures and Practices
This policy outlines guidelines for securing user information. It covers testing of information system controls, the prohibition on exploiting system security vulnerabilities, required reporting of information security incidents, and reporting of lost or stolen system access tokens.
In this sample policy, employees must not test or attempt to compromise internal controls unless specifically approved in advance and in writing by appropriate company management. External third parties, such as consultants, must not test or attempt to compromise internal controls unless the scope of such diagnostic work has been defined and approved in consultation with appropriate company management.