Information Transmission Policy Template

Information Transmission Policy
This policy defines the Information Transmission methods permissible for certain types of business information. Without such controls on Information Transmission, we risk the loss or compromise of our data, which could adversely affect our business.
Not all business information needs the same level of security to be applied. The level required will depend on the data’s value to the firm and its vulnerability to particular threats. This policy allows for adequate resources – neither too much nor too little – to be applied on a case-by-case basis in a logical manner.
This policy applies to employees, contractors, consultants, temporaries, and other workers at {{company_name}}, including all personnel affiliated with third parties.
Transmission of information can ONLY be done via our file sharing application, {{app_name}}. The classification of the information involved will determine whether DRM and further safety mechanisms are required. Further information relating to these is listed below.
Classifications for Transmission
Internal Use & Confidential: is sensitive business information that is for general readership within the firm. This information may include such documents as Quarterly Reports and Inter-Division communications. As a minimum requirement, ‘Internal Use’ and ‘Confidential’ data may only exist within the {{app_name}} file structure. It can only be shared directly within {{app_name}} and, when sent externally, must use DRM and be shared via encrypted link.

Highly Confidential: is information that is sensitive and limited to members of the business who have a legitimate purpose for accessing such data. Because of proprietary, ethical or privacy considerations, data which has been classified Highly Confidential must be protected from unauthorised access, modification, storage or other use. This classification is only available to Directors and is fully DRM protected. Highly Confidential information cannot be shared outside of the firm without the CEO’s permission.

Client Confidential: is ANY information about a client, services provided to that client or reports for that client. Client information is ONLY shared with the designated client contact and is done so using the encrypted link sharing with {{app_name}}. The file(s) should not be DRM protected but rather password protected (16-character passwords), with the first 8 characters being sent via email and the second 8 characters being sent via SMS. The download should be limited to 1 and the expiry set to 7 days.
Compliance Measurement
The {{company_name}} Team will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Any exceptions to the policy must be approved by the CEO in advance.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.