Security Policy
The foundation for any business's information security management should be its information security policy. The policy states at a high level what is required of the organisation in order to protect its assets. The policy's job is not to state how something should be done but what should be done.
For example, consider the following policy requirement: "Passwords are required to be at least 8 characters in length".
There may be many different types of passwords on many types of operating systems or applications. For each of those there must be a procedure or build standard which details how to technically implement that requirement.
Defining an information security policy can be a bewildering task even for a small organisation. There is no one-size-fits-all policy, as every company has different assets to protect and different attitudes to risk. However, 4Armed can kickstart your security programme with our competitive information security policy starter packs. We can provide "off the shelf" information security policies based on the industry standard ISO27001, which can then be tailored, with assistance from us if you require, to meet your business security needs.
