Ensuring that all members of staff are aware of and fully comply with the relevant legislation as described in this and other policies. Describing the principals of security and explaining how they shall be implemented in the organization. Introducing a consistent approach to security, ensuring that all members of staff fully understand their own responsibilities. Creating and maintaining within the organization a level of awareness of the need for Information Security as an integral part of the day-to-day business. Protecting information assets under the control of the organization.