Skip to main content
Policy Advisory

Policy Advisory  Organization of Information Security Standard

Date: 01/01/2025
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

The Organization of Information Security Standard reinforces the Commonwealth’s commitment to an effective information security governance program and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks posed by improper management of information.

Contact

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Skip table of contents

Table of Contents

You skipped the table of contents section.

Purpose

The purpose of this standard is to:

•Protect the Commonwealth’s information by establishing, implementing,
and managing risk-based administrative, technical and personnel
safeguards.

•Establish responsibility and accountability for information security in the 
organization.

•Comply with relevant laws, regulations and contractual obligations related to 
information security.

Downloads

Open PDF file, 265.62 KB,  IS.012 Organization of Information Security Standard (English, PDF 265.62 KB)

Contact

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Referenced Sources:
MGL Chapter 7D, Section 2

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback