Network Security Policy
Implementation guidance The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.
Purpose of this document This document describes the organization’s policy regarding how networks will be built, secured and managed.
Areas of the GDPR addressed The following area of the GDPR is addressed by this document: •
Article 32 – Security of processing
General guidance This document is intended to document the principles that have been used in designing and implementing the security of your network. There are many ways of constructing networks and you will need to tailor this policy to represent how yours is structured to provide confidentiality, integrity and availability to your organization. As this is a policy, the level of detail should not be too specific, but the policy must be supported by lower level documentation such as network topology diagrams and procedures.
Review frequency Due to the rate of change of technology we would suggest this document is reviewed at least annually and ideally every six months.
Document fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exist in this document): Version 1
Page 2 of 15
[Insert date]