Does ‘good’ mean it’s clearly written and easy to understand by all your staff, or does it simply mean that it now includes a section dealing with mobile devices such as PDAs and USB sticks? The primary aim of your information security policy must be to enable your organisation and all of your employees to operate in a safe and secure manner. An appropriate policy, effectively applied, should minimise the potential for security breaches, adhere to the latest standards and ensure your organisation remains legally compliant.