Communicating senior management policy directives to all affected individuals defines the relationship between information security and other departments. The policy document conveys management's intent regarding information security concerns and describes the organizational structure and associated responsibilities of personnel who will be charged with implementing the policy.