Information security policies are the foundation of any solid information security program. We will either deliver a complete set of comprehensive information security policies or assist your organization in developing one, to best suit your needs. After development is complete, we will continue to partner with your organization to ensure that the policies are published and effectively communicated to constituents.
As part of an overall "PRISM" library, our comprehensive set of information security policies will be developed and benchmarked against international standards and industry best practices. Our standard offering includes policies that are benchmarked against the ISO 27000 series of controls. Policies benchmarked against the ISO 27001 international standard comprehensively cover the following topics:
- Information Security Policy
- Organization of Information Security
- Asset Management
- Personnel / Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Service Continuity Management
Policies that are benchmarked against COBIT, NIST and other frameworks are also available. Additionally, we focus on best practices from multiple industries, sectors and disciplines when developing and implementing all policies.