What is the purpose of an information security policy?

The purpose of an information security policy is fundamentally to establish a framework for managing and protecting organizational data. Such a policy outlines the principles and guidelines that govern how data and information systems should be handled within the organization. This encompasses risk management, compliance with legal requirements, and the establishment of security measures to safeguard sensitive information from threats and vulnerabilities.

While enforcing compliance and creating redundancy are critical aspects of an organization's overall security posture, they fall under the broader umbrella defined by the information security policy. Similarly, promoting software development strategies can be a part of an organization's operational focus but is not the overarching purpose of the information security policy itself. Thus, the primary function remains centered around protecting and managing data effectively, which is why the selected answer is the most appropriate choice.