Secure Florida offers...

  • Security Alerts
  • C-Safe Classes
  • News and Info

create an account

Forgot your password?

Home > Business > Policies & Procedures

Policies & Procedures

The first step in securing your network is to define how your company intends to manage and protect its information and resources. Such decisions depend upon things like the nature of your information and the cost of security. But regardless of your final decisions, your security practices should be written down and shared with all your employees.

Policies are the overall company attitudes and intentions. For example, “It is the policy of XYZ Company to back up our data nightly and store this backup at an offsite facility.”
Procedures, on the other hand, are step-by-step instructions, with the responsibility for each step carefully delineated.

(NOTE: Policies are top-level documents, and should be approved by the highest officer in the organization, such as the CEO or president. Because of this, they should be as broad as possible, so that they will seldom need changing. Keep your details to the procedure level, because those will likely require more frequent modification.)

Policies and procedures should be tailored to fit your specific environment, but should deal with such topics as:

  • The level of privacy an employee can expect on a company computer
  • Which employees have access to which systems
  • Network practices
  • What to do when you suspect an intrusion
  • Steps to take when an employee leaves the company

Security policies and procedures should be documented, regularly enforced, and users should know their obligations for protecting the company’s network. Users include all who have authorized accounts on your systems. They can play a vital role in detecting signs of intrusion.

How do I get policies and procedures?

You can create your own policies and procedures, have them written for you by a consultant, or purchase them already written. There are several sources on the Internet that can help you. Here are a few....

Getting started

Free information:

For Florida State Agencies

The Office of Information Security has developed several policy templates as guidelines for Florida agency security policies, including a recent Mobile Computing policy.

RSS Feed | About Us | Contact Us | Sign up for The FIPC Dispatch | Sign up for The Beacon | Report a Crime