Effective date Month / Day / Year
Implement by Month / Day / Year
To provide the authority for members of ABC Inc.'s InfoSec team to conduct a security audit on any system at ABC Inc. Audits may be conducted to:
Ensure integrity, confidentiality, and availability of information and resources
Investigate possible security incidents
Ensure conformance to ABC Inc. security policies
Monitor user or system activity where appropriate
Measure and report on risk
This policy covers the following:
All computer and communication devices that are part of, or associated with, the ABC Inc. Network
All information stored on ABC Inc. media (digital and hard copy information)
When requested , and for the purpose of performing an audit, any access needed will be provided to members of ABC Inc.'s InfoSec team. This access may include:
User level and/or system level access to any computing or communications device
Access to information (electronic, hardcopy, etc.) that may be produced, transmitted, or stored on ABC Inc. equipment or premises
Access to work areas (labs, offices, cubicles, storage areas, etc.)
Access to interactively monitor and log traffic on ABC Inc. networks
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Exceptions to information system security policies exist in rare instances where a risk assessment examining the implications of being out of compliance has been performed, where a Policy Exception Form <Insert Link> has been prepared by the data owner or management, and where this form has been approved by both the CSO or Director of InfoSec and the Chief Information Officer (CIO).
Date ___/____/_____
Version:_______________________
Author:____________________________________
Summary:__________________________________