IELTS Writing Answer Sheet
Candidate Name: Trang Nguyễn
Center Number: 1234
Candidate Number: 6551
Test Date (DD/MM/YYYY): 06/01/2022

policy for information security

Document creation history

Name: Information security policy
Number of the document: IS-PL/01-18
Version: 2.0
Authorized: Anzor Mekhrishvili
Approved: A person with the highest executive authority
Date of approval: 29.03.2018
Date of activation: 02.04.2018
Date of update: 26.02.2018

1. Purpose and goal of the document

Information Security Policy (referenced as the “Policy”) is a pre-eminent document that governs various information security policies and procedures and reflects the attitude of the BDO Group (referenced as the “company”) towards information security topics. This policy further defines key information security requirements, with high responsibilities to customers, partners, and regulators to support sustainable business growth.

The primary objectives of the information security policy are:
- Defining responsibilities and authorities towards information security matters.
- Defining communication rules for the use of information technologies and information systems for BDO Group employees and other users.
- Developing information security control mechanisms in the company, to ensure confidentiality, integrity, and availability.
- Intensive assessment, management, and monitoring of risks arising from internal and external threats, and the introduction and development of appropriate information security mechanisms, to avoid or minimize the expected harm.
- Defining and implementing basic rules of conduct against incidents, crises, and intentional or negligent harm.

Information security policy is based on widely-accepted international standards and general practices in Information Security. The policy envisages and complies with the legislation of Georgia.

2. Definition of terms

BDO Group – A member of the BDO Group is any legal entity registered in Georgia that is a member, with or without voting rights, of “BDO International Limited”, a firm registered in the United Kingdom. All member firms of the BDO Group are part of the international network of independent BDO firms. BDO is the common trademark of the BDO network and of each of its member firms.

Company – Ltd BDO Georgia, Ltd BDO Audit, Ltd BDO Consulting, Ltd BDO legal, Ltd BDO HR and Payroll, Ltd Startup Fund, individually.

Information Asset – All types of information, information storage, processing, transmission technology, employees, and their knowledge of information processing.

Information Security – Protection of confidentiality, integrity, and availability of information.

Information Security Incident – Actual or potential breach of information security policy resulting in unauthorized access, disclosure, damage or interruption of information or access to information resources.

Confidentiality – Access to information only for persons entitled to access it.

Integrity – Knowledge that ensures that information is correct, not intentionally or negligently altered, and reflects accurate facts.

Availability – Knowledge that ensures that information/system will be available to authorized users at the required time.

3. Scope of the document

Areas of Information security policy regulation include all business units within the BDO Group.

Owned by BDO Group:
- Information from an employee, client, or other third parties
- All information resources

Owned by BDO Group:
- All information systems
- All information technologies and IT infrastructure
- Any other technical means by which information is collected, stored, protected, authorized, transmitted, received, copied, transferred, processed, or destroyed.

BDO Group employees and third parties:
- Who manages the information owned or is under the regulation of the company
- Who uses or administers the company’s information systems and IT infrastructure.

All procedures and other documents of BDO Group:
- Which regulates the way of working with information, information or computing systems, IT infrastructure, documents, and any information carriers.
- Which regulates information security cases between the company and its customers.

4. Responsibilities

Implementation of a successful and effective information security system requires management and further development with coordinated and purposeful work of all BDO Group employees and partners.

4.1 Responsibilities of all employees of BDO Group

Responsibility of all BDO Group employees:
- Understand and follow information security policies and company information security rules.
- Follow the company information confidentiality rules.
- Ensure the safety of the information systems and means of communications used.
- Immediately notify the Information Security Department of any violations of information security rules or suspicious events.

4.2 Responsibility of the person with highest executive authority of the BDO Group

The responsibility of the person with the highest executive authority of the BDO Group is:
- Review and approve the company’s information security policy
- Provide oversight at the strategic level of formation, management, and ongoing development of company unified information security environment.
- Allocate and monitor appropriate organizational, human, material, and monetary resources in line with business objectives to achieve information security objectives.
- Review information security reports and incidents.

4.3 Responsibilities of heads for the service department and directions

Responsibilities of heads for the service department and directions are:
- Organize and control compliance with information security requirements in its subordinate area
- Organize and control the awareness of its subordinates in the field of information security
- Organize and control third-party information security awareness related to its business process
- Information security requirements consideration when developing department internal standards and procedures
- Proper distribution of responsibilities and access to information in the subordinate area.
- Classification of confidential information and monitoring compliance with relevant rules.

4.4 Responsibility of Information Security Officer

Responsibility of Information Security Officer is:
- Monitoring and management of information security.
- Analysis of information security requirements made by BDO Group management, partners, and business units.
- Responding to information security incidents, management, and analyzing relevant trends.
- Development of information security policies, procedures, and guidelines.
- Evaluating BDO Group processes and monitoring their compliance with information security principles
- Checking the level of current information risks, developing recommendations, plans, and measures to minimize them, and monitoring their implementation, which helps to increase the level of security of the company’s information systems.
- Review, verify and monitor information security requirements.
- Participation in the training of company employees on issues related to information security
- Participation in implementing BDO Group’s business continuity plan
- Participation in organizing crisis response and management
- Participation in information security risk analysis for new projects and change management
- Reporting on information security issues with a person with the highest executive authority of BDO Group

4.5 Responsibilities of the IT Department of the BDO Group

BDO Group IT Department responsibilities are:
- Organizing, managing, and developing information systems and information technologies according to information security requirements
- Providing technical security architecture for company systems (which takes into account information security requirements in IT architecture and infrastructure)
- Developing standards and procedures for the management, development, and modification of information systems and information technologies to ensure compliance with BDO Group information security requirements
- Purchasing, development, implementation, operation, modernization, and decommissioning of information systems, software, and information technologies under the company’s information security requirements
- Managing the company’s information assets and access control, responding promptly and effectively to any prohibited or dangerous actions or cases in relation to controlled systems.
- Managing and proper usage of media carriers in the company’s IT infrastructure
- Managing and proper usage of BDO Group communication tools
- Management of BDO Group IT business continuity
- Providing backups due to business continuity plan
- Continuous monitoring of the state of information systems and IT infrastructure
- Intensive review of information security vulnerabilities and appropriate response
- Analysis of cases in information systems and IT infrastructure, investigation of suspicious cases, timely detection, and escalation of security incidents.

4.6 Responsibilities of the Human Resources Management Division of BDO Group

The responsibility of BDO Group’s Human Resources Division:
- Ensure proper selection and background checking of BDO Group employees
- Organizing the training of employees in the field of information security

4.7 Responsibilities of the owners of BDO Group information assets

Responsibilities for the owners of BDO Group information assets are:
- Knowledge of what information assets they are responsible for
- Classification of assets according to the rules defined by the company and accordingly determine their authorization
- Ensuring the existence of information security controls over the information asset under their responsibility

4.8 Responsibilities of the BDO Group Lawyer

Responsibilities of the BDO Group Lawyer include:
- Checking compliance of the policy with the legislation
- Providing the relevant normative acts to the information security officer
- Providing legal advice in investigating information security incidents or other conflict situations.

5. Principles of Information Security

BDO Group’s information security policy and other related documents are based on the ISO 27000 standard series. The company must constantly protect confidentiality, integrity, and availability of information:

Confidentiality – Access to information is allowed only to authorized personnel who need such access to perform the assigned functions

Integrity – Information must be complete, accurate, and timely to ensure the proper functioning of the business

Availability – Information should be available and usable at any time needed.

- All information assets should be classified according to their level of confidentiality, integrity, and availability
- All employees should treat the information assets of the company according to the level of its classification
- The information asset must be protected from unauthorized access according to its classification level.

6. Approval of the document

The policy is approved by a person with the highest executive authority. Any deviation from the policy should be considered as an exception and approved by a person with the highest executive authority. The information security officer is required to update the policy every 2 years. The person with the highest executive authority may at any time amend the policy on the recommendation of an information security officer or any member of the executive branch.
Band scores: CC 5.5, LR 5.0, GR 5.5, TA 5.0
OVERALL BAND SCORE: 5.5