business continuity plan

Objective

The objective of the Information Security and Business Continuity Policy is to provide
strategic direction for Pacific Life’s Information Security and Business Continuity Programs. This policy will provide the foundation for
the program’s risk management framework and justification
for more granular
information security and
business continuity requirements.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Scope

This policy applies to
all information owners, information custodians and authorized users of Pacific
Life information assets.

An information owner is defined one who has primary responsibility for
particular information. Managers of functional areas are the owners of
information and information systems on behalf of the organization, and as such
are responsible for their use and protection.

An information custodian is defined as one who manages information
resources on behalf of an information owner. Information custodians are in
physical or logical possession of information. This possession does not imply
authorization.

An authorized user is defined as an employee, consultant, contractor,
business partner or other individual who has been granted access to Pacific
Life information.

An information asset is defined as information in any form, created,
collected or stored to support Pacific Life’s business operations, whether
belonging or entrusted to Pacific Life, including information about employees,
business operations and plans, customers and business partners.

Policy

In order to uphold
the business reputation and legal posture of the company, the protection of
Pacific Life information assets is a top priority in all business functions. It
is the policy of Pacific Life to appropriately preserve the confidentiality,
integrity and availability of its information assets during all business
activities. In support of this policy, Pacific Life will:

1.     Maintain processes to support compliance with applicable legal, statutory
and regulatory requirements

2.     Maintain access management processes to ensure that only appropriate and
authorized access will be granted to information assets

3.     Maintain information security education processes to clarify and
disseminate information security and business continuity responsibilities to
Pacific Life authorized users

4.     Maintain business continuity processes to identify and manage
environmental, availability and recovery requirements to ensure information
assets are available to authorized users when required

5.     Maintain risk management processes to ensure information security and
business continuity risks are identified and appropriate controls are
implemented and maintained

6.     Maintain preventive, detective and reactive processes to prevent, identify,
manage and respond to the loss of confidentiality, integrity or availability of
information assets

7.     Maintain conformance management processes to continually measure the
effectiveness of and continually improve information security and business
continuity controls

Responsibilities

Information owners, information custodians and authorized
users are responsible for understanding and adhering to applicable information
security and business continuity standards and Code of Business Conduct
policies. Additional detailed responsibilities are outlined below.

Information Security and Business Continuity Office

The
Chief Information Security Officer is the owner of the Information
Security and Business Continuity Policy. The
Information Security and Business Continuity Office is responsible for setting an enterprise strategic vision
and direction for information security and business continuity that supports
the Information Security and Business Continuity Policy. Roles and
responsibilities of the Information Security and Business
Continuity Office and other
related program participants will be clearly defined within the
Information Security Program and Business Continuity Program Charters. The
program charters will document the mandate and scope of the respective
programs.

maintenance and review

§  This policy is owned and maintained by the Chief
Information Security
Officer.

§  Changes to this policy will be made in accordance with Pacific Life Document Control
processes.

§  This policy will be reviewed on
an annual basis.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *