The Survey on Information Security - Policy and Practice was conducted by NCC in partnership with Ernst & Young, Computer Weekly and Information Risk Management (IRM). It looks at a range of information security policies and procedures, at the way those policies and procedures are implemented and communicated to staff and the perception of their success in improving information security in the organisation.

It highlights what organisations that are successful at information security do, and shows that if you also do these things you can expect tangible benefits.