Skip to main content

Issue-Specific Policy

Based on the guidance from the information security policy, issue-specific policies are developed to address areas of current relevance and concern to an organization.

The intent is to provide specific guidance and instructions on proper usage of systems to employees within the organization.

An issue-specific policy is meant for every technology the organization uses and is written in such a way that it will be clear to users. Unlike program policies, issue-specific policies must be reviewed on a regular basis due to frequent technological changes in an organization.

Example Topics for Issue-Specific Policy:

  • Internet Access,
  • Email,
  • Bring Your Own Device (BYOD),
  • Social Media.

(Source: NIST SP 800-12)