The Policy feature offers an information security policy crafted specifically for your organization, its culture and its regulatory requirements, such as HIPAA, PCI or GLBA.
The information security policy is a key element that defines how your organization manages its cyber risk and its interactions with its information assets. Many regulations require a security policy. We will create a new, modern policy for you that is PCI and ISO 27001 compliant.
The Small Business Security Policy development will create an ISO 27001 compliant Information Security Policy for your organization. This engagement will collect existing written and unwritten policies focused on information security and integrate them into a new comprehensive policy covering the security objectives required in the ISO 27001 standard.
OBJECTIVES | The first phase involves formally defining the security objectives for the organization, based on the scope of the assets to be protected as defined in part one.
DRAFT | This phase involves gathering information about the current state of information security policies and the current formatting and communication style of organizational policies, and developing a first draft policy for review.
REVISIONS | The revision phase involves several meetings to align the language, syntax and tone of the document with the organization. The revision process allows for three cycles of changes to the draft, moving the document set to a pre-final state.
FINAL | The final policy document will be prepared and submitted in digital Adobe PDF and Microsoft Word formats for inclusion in your organization's policy manuals and / or Intranet.
DELIVERABLE | Digital delivery of an ISO 27001 compliant information security policy including access control, supplier security and acceptable use policies.
Typical Policy Contents:
- Information Security Responsibilities
- Information Sensitivity Classification
- Access Control
- Fixed Password Management
- Acceptable Use
- Third-Party Disclosures
- Establishing Network Connections
- Electronic Mail
- Printing, Copying and Fax Transmission
- Mobile Computing And Remote Access
- Mobile Device Policy
- Personal Use Of Information Systems
- Intellectual Property Rights
- Viruses, Malicious Software, And Change Control
- System Life-Cycle
- Systems Development
- Third-Party Access
- Physical and Environmental Security
- Reporting Problems
- Non-Compliance Situations
- Related Documents
- Approval and Ownership
- Revision History
The Small Business Policy Development will deliver a complete ISO 27001 compliant Information Security Policy.
- ISO 27001 compliant Information Security Policy
- Regulatory compliance: PCI DSS & HIPAA
- Define how your staff will interact with your information assets