What Is a Program Framework Policy or Charter?

The program framework policy, or information security program charter, is the capstone document for the information security program. The charter is a required document that establishes the information security program and its framework. This high-level policy defines:

  • The program’s purpose and mission
  • The program’s scope within the organization
  • Assignment of responsibilities for program implementation
  • Compliance management

The chief executive officer (CEO) usually approves and signs the charter. The charter establishes the responsibility for information security within the organization. It’s important that senior leadership of an organization express support for the information security program. ...
