Your Basket
Cyber security for any size of business
CREST member company
Team of friendly certified experts
Information Transmission Policy Template

Information Transmission Policy Template

This policy defines the Information Transmission methods permissible for certain types of business information. Without such controls on Information Transmission, we risk the loss or compromise of its data which could adversely affect our business.

PURPOSE

Not all business information needs the same level of security to be applied.  The level required will depend on the data’s value to the firm and its vulnerability to particular threats. This policy allows for adequate resources – neither too much nor too little – to be applied on a case-by-case basis in a logical manner.

SCOPE

This policy applies to employees, contractors, consultants, temporaries, and other workers at {company_name}, including all personnel affiliated with third parties.

POLICY

Introduction

Transmission of information can ONLY be done via our file sharing application.  The classification of the information involved will determine which if DRM and further safety mechanisms are required. Further information relating to these can be found listed below.

Classifications for Transmission

{Internal Use & Confidential – replace with your label}: is information that contains sensitive business information that is for general readership within the firm. This information may include such documents as Quarterly Reports and Inter-Division communications. As a minimum requirement ‘Internal Use’ and ‘Confidential’ data may only exist within a secure file structure. It can only be shared directly and when send externally must use DRM and be shared via encrypted link.

{Highly Confidential  – replace with your label}: is information that is sensitive and limited to members of the business who have a legitimate purpose for accessing such data. Because of proprietary, ethical or privacy considerations, data which has been classified Highly Confidential that must be protected from unauthorised access, modification, storage or other use.  This classification is only available to Directors and is fully DRM protected. Highly Confidential cannot be shared outside of the firm without the CEO’s permission.

{Client Confidential – replace with your label}: is ANY information about a client, services provided to that client or reports for that client. Client information is ONLY shared with the designated client contact and is done so using the encrypted link sharing. The file(s) should not be DRM protection but rather password protected (12 character passwords) with first 6 characters being sent via email and the second 6 characters being sent via SMS. The download should be limited to 1 and the expiry set to 7 days.

COMPLIANCE

Compliance Measurement

The {company_name} Team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions

Any exceptions to the policy must be approved by the CEO in advance.

Non-Compliance                                                                             

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Download the Template

Sign up to our newsletter

Keep up to date with the latest cyber security news and updates with our newsletter