Publish a corporate security policy and a code of conduct

The security policy consists of defining the rules that must be followed by all if the organization is to reach the level of security of the information defined in the security strategy.