12.1 Establish, publish, maintain, and disseminate a security policy.
12.1 Examine the information security policy and verify that the policy is published and disseminated to all relevant personnel (including vendors and business partners).
A company’s information security policy creates the roadmap for implementing security measures to protect its most valuable assets. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it.
It is absolutely urgent that your company has an information security policy. This directs how your employees perform tasks securely and typically includes a policy on how the employees will be trained in secure workplace practices. Employees (humans) are the weakest link in the security chain. Our clients constantly tell us of the information insecurity that their inadequately trained personnel have caused for them. Employee Security Trainings can be provided on site at your place of business and take a low amount of time and resources to create a big impact on your companies security posture.
Cyber Security Agency