Any activities on information safety system modernization require preparation and development of a specialized documentation including a set of rules, instructions and process regulations.
A company's policy on information safety involves a set of regulatory documents as general terms and concepts as well as certain tasks:
- concept of information safety;
- terms on information safety;
- regulations on information safety;
- instructions, lists, journals etc.
The list of regulatory documents developed within the policy of information safety can be divided into four (4) levels according to the degree of detailed description of the information protection processes:
- 1 degree — a concept on information safety reflects the company’s position in terms of information protection activity and determines the motivation level to comply with the state and the international standards on information safety. Is an ideological base for all documents structure;
- 2 degree — various type of regulations on information safety, which includes documents on separate aspects of information safety and requirements on creation and use of various devices for information protection;
- 3 degree — regulations and instructions on information safety — documented description of the information safety processes, as well as guidance and instructions on realization of various services etc.;
- 4 degree — special forms, lists, recording of the events, registers and protocols — the widest spectrum of registration documents formed in the immediate process when using the information safety system.