Administrative controls include organizational policies and procedures that are put in place for security. An organization must consider security concerns in their overall organizational policies and procedures. Some examples of this include:

• Security awareness training for employees
• Escalation plan in the event of a security attack
• Employees being required to carry and display a photo identification card
• Policies regarding acceptable use of company hardware and networks
• Policies related to what type of software can be installed on company hardware
• Rules on how company and customer data is handled
• Implementation of company password policies, including the required level of complexity and requiring employees to change ...