Common use of Formal Definition of an Information Security Policy Clause in Contracts

Formal Definition of an Information Security Policy. Cengage has developed and documented a formal information security policy that sets out Cengage's approach to managing information security. Specific areas covered by this policy include, but are not limited to the following: • Information security responsibilities • Electronic communications systems - E-mail security - Instant messaging - Voicemail security • Disposing of confidential information - Secure on-site shredding - Disposal and reuse of electronic media • Data classification • Employee monitoring and access to employees’ electronic files • Securing confidential information ("clean desk") • Data loss prevention tools • Client requests for information security statements and policies • Responding to information requests / media response guidelines • Third-party access to Cengage or client confidential information • Mobile device management - Laptop security guidelines - Smart device guidelines - Employee personal device guidelines • Virus and malware protection • Remote access • Wireless networking access • Electronic incident management and handling • Internet use and “acceptable use policy” requirements • Internet applications and services security assessment • Identification and authorization - Password standards for employees - Password standards for system / LAN administrators and application developers of intranet systems - Access control standards - User id standards for system / LAN administrators and intranet application developers • Computer hardware & software management • Encryption • IT physical security • Incident response, reporting and tracking policy • Facility security - Emergency evacuation and assembly locations - Handling biochemical incidents, suspicious mail and explosives - Physical security - Security guidelines for visitors - Visitor security information • HR security requirements - Background checks - Cell phones, cameras and recording devices - Workplace safety and weapons - Termination of systems access for departing employees The Cengage Code of Ethics and Security policy document is approved by management, Cengage employees are required to acknowledge receipt and acceptance of the Cengage Code of Ethics and Security policy upon commencing work with Cengage. Policies are communicated to all employees and contractors through onboarding/new hire orientation, training classes, and distribution of policies on-line.