Project Plan

CORPORATE POLICY STATEMENT #123

OBJECTIVE

To establish direction for XYZ and its subsidiaries as to the confidentiality, integrity, and availability (CIA) of all XYZ Information Assets (defined below).

SCOPE

This corporate policy applies to XYZ and all subsidiaries as set forth in Policy #xxx on Promulgation of Corporate Policies.

POLICY

Data and other information owned by, used by, or stored, processed, or transmitted by XYZ or by its vendors, business partners, or third parties acting on behalf of XYZ (collectively the “Vendors”), as well as all systems and applications of XYZ used to create, process, store, and communicate such information are all declared to be “XYZ Information Assets”.

XYZ will comply with all applicable laws, regulations, or other XYZ Policy Statements that affect the CIA of XYZ Information Assets.

XYZ will protect all XYZ Information Assets commensurate with the sensitivity and importance of such Assets to XYZ, to customers, the risk of compromise or misuse of those Assets, and the potential business or regulatory impact of misuse or compromise of those Assets.

XYZ will pay special attention to any information Assets that may be of interest to Homeland Security.

In order to meet these requirements this Policy requires XYZ to create, review, audit, and maintain instructions, standards, guidelines, and procedures for implementing CIA on XYZ Information Assets. These instuctions, standards, guidelines, and procedures will be used and followed during the normal course of business, all under the direction of the XYZ InfoSec Security Committee.

These will include:

* Adherence to the principle of “least privilege…”

* Terms and conditions within contracts that conform …

* Training of XYZ personnel in …

* Implementing the appropriate techniques that may be described in those instructions, standards, guidelines, and procedures to include encryption, masking, backups, passwords, tunneling, VRU, distribution methods, network...