Component #1

Component #1: Information Security Policy

This section summarizes the institution’s approach to managing information security in the context of an operational IT Security Program.  This component also specifies targets for regular formal reviews of IT security policy including compliance feedback, continuing suitability, and effectiveness. 

This IT Security Policy Framework represents the institution’s over-arching IT security policy document. 

In accordance with recommended practice, this enterprise-level policy will be reviewed annually.  Approval and revision history will be recorded in the Appendix within this document.