Policy Advisory

Policy Advisory  Information Security Governance Policy

Date: 01/01/2025
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

The Information Security Governance Policy outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.

Contact   for Information Security Governance Policy

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Table of Contents

Purpose

The Commonwealth of Massachusetts collects, manages and stores information on a regular basis in order to support business operations. The Commonwealth is committed to preserving the confidentiality, integrity, and availability of its information assets.

The purpose of this policy is to establish the minimum information security requirements that must be implemented to protect the Commonwealth’s information assets. This policy reinforces the Commonwealth’s commitment to an effective information security program, and outlines the framework, principles, and controls required to ensure the protection of the Commonwealth’s information technology environment.

Downloads   for Information Security Governance Policy

Contact   for Information Security Governance Policy

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Referenced Sources:

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback