Draft and Review Information Security Policies
31/10/2009 – 11:44 am by Lance Michalson

Michalsons are regarded as leaders in the legal aspects of information security. In particular we have extensive experience in the drafting and reviewing of information security policies through a legal lens.
Our objectives are to identify and highlight any information legal risks and legal compliance issues that arise from our review of existing policies.
When reviewing the policies for “compliance”, our definition of “compliance” takes the following into account:
- Legal compliance: compliance with an Act promulgated by Parliament and subordinate legislation;
- ICT Legal Risk: risks which arise from the operational use of information and technology and which are most likely to have legal ramifications for the company, predominantly in the form of financial loss or reputational damage;
- Best Practice: One of the ways of demonstrating ICT legal risk management and good corporate governance is to apply best practices. Best practices have been identified as accepted methods for achieving specific business functions, goals, or industry requirements.
- Corporate governance: According to King III “companies must comply with all applicable laws” and “when considering the company’s compliance with applicable laws, the board should ensure that IT related laws, rules, codes and standards are considered”.
Legal Compliance is the narrowest and easiest part of legal risk to deal with. (Non) compliance exposes the company to sanctions that arise from a breach of statute only in the form of fines or imprisonment.
We also have regard to the purpose that the various policies serve, viz.: they are ultimately documents which serve to assist the organisation to:
- minimize its exposure to vicarious liability,
- protect trade secrets, confidential and proprietary information,
- document and support compliance with applicable law, best practice and corporate governance,
- provide evidence needed for legal proceedings,
- help implement a standard of consistent behavior amongst users when it comes to the organisation's computer systems and information, and
- help to avoid allegations of negligence.
Best practice suggests that you review your policies annually.
Contact us on info@michalsonsattorneys.com to let us know how we can assist you in reviewing or drafting your policies.
