Information security is something that is increasingly being incorporated in PQQs (pre-qualification questionnaires), bids and tenders and is seldom documented by agencies. Clients are becoming more concerned about information security and the impact that external suppliers can have on their business in terms of actual and reputational damage.
This Information security Policy covers information security for all information technology data, equipment, processes and premises together with measures and controls on how to protect both your agency’s and your clients’ information. It covers the procedures you have in place to protect access to information physically, administratively and technically against theft, fraud, malicious or accidental damage, and breach of privacy or confidence.
This template covers:
- Scope of the policy and responsibilities
- Measures and controls (including personnel security, physical security, access to IT systems, logins and passwords, protection against malicious software, software licences and backups)
- Business continuity and disaster recovery
- Change management
- Security incident handling procedures
- Reporting of incidents
- Learning from security incidents
- Policy violation and its consequences
Length of document: 8 pages
Last reviewed / updated: 27.02.17
If you need further assistance with tender questions relating to information security or security incident management, please contact us on 01688 400319 or email firstname.lastname@example.org.