Initial commit

themes/comply-soc2/policies/information.md

@@ -0,0 +1,29 @@
+name: Information Security Policy
+acronym: ISP
+satisfies:
+  TSC:
+    - CC9.9
+majorRevisions:
+  - date: Jun 1 2018
+    comment: Initial document
+---
+
+# Overview
+
+The Information Security Policy is a composite policy referencing other Acme policies relevant to information security.
+
+# Component Policies
+
+The Acme Information Security Policy is composed of:
+
+- [Application Security Policy (*Acme-ASP.pdf*)](Acme-ASP.pdf) {-}
+- [Cyber Risk Management Policy (*Acme-CRP.pdf*)](Acme-CRP.pdf) {-}
+- [Data Classification Policy (*Acme-DCP.pdf*)](Acme-DCP.pdf) {-}
+- [Data Retention Policy (*Acme-ASP.pdf*)](Acme-DRP.pdf) {-}
+- [Datacenter Security Policy (*Acme-ASP.pdf*)](Acme-DSP.pdf) {-}
+- [Encryption Policy (*Acme-ASP.pdf*)](Acme-EP.pdf) {-}
+- [Password Policy (*Acme-ASP.pdf*)](Acme-PWP.pdf) {-}
+- [Remote Access Policy (*Acme-ASP.pdf*)](Acme-REAP.pdf) {-}
+- [Removable Media Policy (*Acme-ASP.pdf*)](Acme-RMP.pdf) {-}
+- [Security Incident Response Policy (*Acme-ASP.pdf*)](Acme-SIRP.pdf) {-}
+- [Workstation Security Policy (*Acme-ASP.pdf*)](Acme-WSP.pdf) {-}