Information Security Policy
he policy must include a description of the main roles and responsibilities of information security management. Set out the requirements for staff and contractors, processes and technology in relation to information security, recognising that staff and contractors at all levels have responsibilities in ensuring financial institutions’ information security.