Information Management Policy

Contact Us

A key IT policy to protect your information assets

An information asset is any information that has value to your organisation, regardless of how or where it is stored and what form it takes. Within the suite of IT policies provided in Policy Management as a Service is a well written Information Management Policy that can be tailored to help protect your information assets.

Control access to information systems

Prevent unauthorised access

Securely provide access to third parties

What is an information management policy?

An information management policy gives clear direction regarding the creation, capture and management of information assets in order to satisfy business, legal and stakeholder requirements and is just one policy within the suite of IT policies.

What does an information management policy include?

  • The information management responsibilities of users, managers and technical staff
  • Management of information
  • Deletion of information
  • The collection and dissemination of information
  • Information access

How to determine what should be classed as an information asset?

Examples of key questions to consider are:

What value does the asset have to the organisation?

Do we understand what the asset is, and what it is used for?

Could there be a legal, reputational or financial repercussion if the asset cannot be reproduced when required?

Would business operations be affected if the asset could not be easily accessed?

The IT security policy framework that Policy Management as a Service delivers includes a range of related IT policies that support the Information Management Policy - examples include an Access Control Policy, Cloud Computing Policy and Legal Compliance Policy.

The difference between Information Governance and Information Management

To develop an effective Information Management Policy to sit within your suite of IT Policies, you need to have a clear understand of what Information Management does and does not consist of;

Information governance (IG) is focussed on the organisational policies, processes, technologies and strategies that are employed to use information to meet its business needs, comply with legal and industry regulations whilst minimising risks. IG is focussed on the control of information, its creation, valuation, usage, storage, and deletion.

Information management is focussed on the lifecycle of information—the acquisition of information from different sources, custodianship of information, the distribution of information, and the deletion or archiving of information as documented in an organisation’s information governance policies.


Contact Protocol Policy Systems to learn how we assist organisations to put the foundations in place for a secure computing environment.


Contact Us Today

Fill in the form or call us on (UK) +44 845 241 0099 or (NZ) +64 9 570 2233


We make it our business to understand your business and your pain points before we start. Understanding how your organisation operates and the current challenges it may be facing around policy management enables us to develop the right IT Security Policy Framework for your business. Our end goal is to and ensure that our recommendations are the right fit for your business.

Learn more >


Understanding the complex world of IT Polices can be daunting. Our experts work with you to develop and deliver policies that document how digital information is to be managed. The policies are automatically cross referenced to relevant industry standards and best practice including ISO, PCI, PSN and Cyber Essentials. 

Learn more >


We support you in implementing those policies, and continue to do so as they change over time. Updates to the content, standards, mappings, and supporting material are handled by us. Our subject matter experts can also help you adapt and create new policies as your business requirements change.

Learn more >

IT Policy Management Software

We provide a securely hosted, cloud based IT policy management software that’s easy to drive and navigate. For most users, no special training is needed. Admin functions for primary users are easily learned, and backed by supporting material and a dedicated PPS team. Full audit and compliance indexing is provided for IT and GRC personnel.

Learn more >


Contact Us Today

Fill in the form or call us on (UK) +44 845 241 0099 or (NZ) +64 9 570 2233