Background 4

Information Security Program Manual Objective & Intent 4

Information Security Program Standards Applicability & Scope 5

SCO Information and Information Technologies 5

SCO Facilities and Physical Property 5

The Principles of Due Care & Due Diligence 5

Manual Alignment with Information Security Best Practices 5

Manual Maintenance 6

Information Security Standards 6

Roles and Responsibilities 6

Standards for Information Asset Users 6

Standards for Owners of Information Assets 9

Standards for Custodians of Information 10

Management Security Standards 11

Operational Security Standards 13

Technical Security Standards 18

Privacy Standards 23

500Privacy Standards 23

Glossary of Terms 25

Appendix A: Information Security Incident Categories and Reporting Timeframes 27