Whether or not you are compelled to apply policies to comply with the various standards, you should familiarize yourself with what is required. My recommendation would be to start by taking the time to study the ISO 27001 standard to gain an overall view of what is required to have an effective information security policy and in conjunction look at the requirements of the Payment Card Industry (PCI) standard. Although the PCI standard is intended for organisations that deal with credit card transactions it offers a very practical guide to what should be done on a practical level in many areas, and will ensure that you have taken adequate precautions to protect yourself and your business.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.