Organizational Data Privacy and Security Policy

With this first policy an organization with prohibit or allow the usage of equipment and/or accounts depending on the individual’s permitted access.

4. Please be advised that failure to follow this policy can result in possible criminal, and civil sanctions against the company, and it management and employees, and possible disciplinary action against the responsible individuals, and including termination of

8. Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risk from employee sabotage? The user domain. Employees should at least be aware of social engineered attacks and potential risk that they, the employee could do.

An important part of this training will involve communicating key parts of the security policy so that employees will have an adequate understanding of potential threats and their remedy.

Organizational polices are needed to establish general guidance in such areas as: The use of e-mail to conduct official business

The organisation maintains policies for the effective and secure management of its information assets and resources.

Prohibits disclosure of these records without the written consent of the individual(s) to whom the records pertain unless one of the twelve disclosure exceptions enumerated in the Act applies.

Every organization must have adequate control mechanisms in place to help protect sensitive information from the distribution or transmission outside the organization, inappropriate disclosure, and control of how the information accessed is used. Companies should have policies in place that outline the course of action to take should inappropriate usage or disclosure of data be

The value of separation of duties is an essential security standard that certifies that a specific user does not have a proficiency to misuse his or her capabilities or make

is to maintain the confidentiality of those that are employed by the company along with company

Strict policy and low tolerance. Security vigilance. Random hourly patrols by the proposed security company. See Figure B.

“ Workers and other individuals who are working, have worked for an organization or applicants are entitled to protection by the data protection principles as data subjects” (FL Memo ltd, 2005) we must handle the data we receive from staff and applicants with great care as they have the right by law for their data to be kept safe and private.

ii) Accessing information held - Organisations are obligated to allow people access to the personal data held about them. This is to allow them to:

Establishing access codes to data registries is another security measure that the firm can uphold. This will ensure that confidential data and information is only managed by a certain level of management. In addition, during threats such as civil unrests or riots data will be managed effectively (Thejendra, 2008).

Doing so helps to ensure the organization is protected legally and remains in compliance with current law. Furthermore, this information helps to prevent future attacks, which is a concern of every organization, whether it be a government, financial institution, healthcare provider or other entity.