
Running Head: Project Preparation Security Program Charter 1

HIC Inc. is committed to securing customer and employee data through its Information Security Program. The program's mission is to implement a proactive security program leveraging federal standards to address risks across the business. It aims to safeguard data confidentiality through access controls and integrating security into systems. It also aims to ensure system availability through redundancy and backups. The Chief Information Security Officer leads the security team in developing policies and oversees the program, while department managers implement policies. All employees are responsible for complying with security policies. Exceptions require CEO approval. The program and policies are reviewed annually.


Project Preparation Security Program Charter

Justin R. Cook

University of San Diego, CSOL-540


HIC Inc. Information Security Program Charter


HIC Inc. is committed to safeguarding the digital assets and information belonging to its
customers, employees, and stakeholders. Customers trust HIC Inc. with their personally
identifiable information, which must be secured at all costs. Securing this information requires
that HIC Inc. respect the privacy of data, protect the confidentiality, integrity, and
availability of all critical systems, and fully comply with all laws and regulations.

The purpose of this Security Program Charter is to set the high-level purpose and scope of HIC
Inc.’s security program. Additionally, this charter outlines the ownership and responsibilities of
those tasked with overseeing the overall security program, implementing policies, and complying
with procedures.
I. Scope
This Information Security Program Charter and all resulting documentation apply to all HIC Inc.
members including employees, contractors, consultants, and any individual/entity authorized to
use and/or access HIC Inc.’s resources, data, and systems.
II. Information Security Program Mission Statement
The HIC Inc. Information Security Program will take a proactive approach to implement a well-
vetted security program that leverages federal standards to address security risks across all
business functions.

The Information Security Program will safeguard the confidentiality of systems and data by
developing policies to implement several layers of security into all systems. Security will be
integrated into information systems during each step of their development lifecycle. Users will
only be granted access to these systems and the information stored on them if it is required to
fulfill their business functions.

The Information Security Program will safeguard the availability of all systems and data by
developing policies that require implementing redundant systems and adhering to a strict backup
schedule. Systems will be redundant at all levels including power, network, storage, and compute
resources. All critical systems will be subject to regular backups that satisfy the RTOs and RPOs
dictated by executive management.

The Information Security Program will integrate federally accepted standards into all policies
subject to the Security Program Charter. HIC Inc. will regularly check for compliance against
these standards and apply updates to all systems as required.
III. Ownership and Responsibilities
All members of the HIC Inc. organization have the responsibility to do their due diligence to help
ensure the security of all information and systems. Each layer of the security program is vital to
the overall security of the entire company. A security program is only successful if all users
follow the policies, procedures, and guidelines laid out.

The Chief Executive Officer (CEO) must approve the HIC Inc. Information Security Program
Charter. The CEO additionally assigns executive ownership and authority for the HIC Inc.
Security Program to the Chief Information Security Officer (CISO). The CISO leads an
information security team that works together to develop the policies that are a part of the overall
security program. Following the development of security policies, the CISO must then evaluate
and approve each policy.

The information security team works closely with department managers to implement the
security policies into their daily procedures and systems. The department managers ensure that
their employees are aware of and follow the policies in the security program. All employees,
contractors, consultants, and any individual/entity authorized to use and/or access HIC Inc.’s
resources, data, and systems are responsible for following the policies.
IV. Enforcement and Exception Handling
Failure to comply with HIC Inc.’s security policies or procedures will result in disciplinary
actions which can include termination of employment or termination of contracts/agreements.
Serious offenses that violate legal regulations may also result in lawsuits.

Exceptions to the HIC Inc. security program are granted under extremely rare circumstances.
Any potential exception will be documented, approved, and signed by the CEO of HIC Inc.

V. Review and Revision


The HIC Inc. Information Security Program and policies shall be reviewed annually by the
Information Security team. During the review, updates will be made and relevant edits will be
performed on this document. Following the edits, the Security Program Charter must be
approved by the CEO again.

Approved: __________________________________________
Signature
<Typed Name>
Chief Executive Officer
