The setting up of a security policy is a structuring step for each firm. Beyond the formalization of rules, it is necessary to take a particular interest in the different approaches of the firm, to enable a change towards more secure practices.

• Do we have to write a unique document or a set of thematic documents?
• What are the security rules we have to formalize?

SCASSI Conseil relies on the ISO 27002 standard in order to recommend tips of good conduct. These allow the different lines of work to rely on comprehensible security specifications according to their specific needs.