Information Transfer Policy Template
The purpose of this policy is ensuring that correct treatment when transferring information internally and externally to the company and to protect the transfer of information through the use of all types of communication facilities.
All company employees and external party users.
Information that forms part of systems and applications deemed in scope by the ISO 27001 scope statement.
Data transfer must comply with all legal and regulation legislation requirements including but not limited to the GDPR and Data Protection Act 2018.
Formal agreements that include non-disclosure and confidentially clauses must be in place for data sharing prior to the data transfer.
Personal data must not be transferred outside the European Economic Area without legal consent, justification and legal mechanisms in place.
No personal or confidential information is to be transferred unencrypted.
All transfers are in line with IS 03 Information Classification and Handling Policy
Information Transfer Policy Template Contents
Document Version Control 2
Document Contents Page 3
Information Transfer Policy 5
Information Virus Checking 6
Information Encryption 6
Data Transfer Methods 6
Preferred Transfer Method 6
Data Transfer by Email 6
Data transfers by post/courier 7
Data transfers on removable media / memory sticks 7
Telephones, Mobile Phones and General Conversations 8
Data Transfers over Bluetooth 9
Lost or missing information 10
Policy Compliance 11
Compliance Measurement 11
Continual Improvement 11