Except for the “audit vulnerability scanning policy” and “information sensitivity policy”, security policies adopted by the Centre incorporates most of the components recommended by the SysAdmin, Audit, Network, Security (SANS) Institute.