This policy outlines the necessary components of a successful information security program. Effective adoption and implementation of the components outlined in this policy will provide the Ohio Department of Administrative Services (DAS) with a solid foundation on which to build the state’s information security program.