All the responsibilities of each authorised individual such as the management and employees will be mentioned separately in the security Policy. Another aspect of the security policy statement would be the responsibility to review and audit, enforcement and implementation of future projects related to the IT. The written policy needs to be consistent, concise, clear and coherent to give easy understanding for the management.