Develop and distribute a code of conduct for using ICT

The information security policy can be based on a code of conduct and is centred around confidentiality, integrity and the availability of information within your organization.

Setting the objectives, and then defining and monitoring the indicators of the outcomes, is crucial for directing action and for staff buy-in. These tools should allow you to speak the same language and refer to understandable and well-defined elements.