The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
14.2.1An Information security policy must be implemented prescribing controls on usage of emails, internet browsing, passwords, workstations, data communication, network security, etc.;
14.2.2The Information security policy must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) and must be communicated to all employees and obtain their acknowledgement; and
14.2.3Information security policy must be reviewed annually at a minimum.