Policy and Procedure Development
An effective information security framework rests on solid policy backing. Policies do not work unless they are:
- Relevant – timely and relevant to the scope. An outdated policy is as good as no policy at all.
- Comprehensive – takes all influencing factors into account, the most important and complex of which is compliance. An ideal policy will meet the mandates of all applicable compliance standards in the organization, like ISO 27001, PCI DSS, HIPAA, etc.
- Written in simple language – complex verbiage is not properly understood and runs the risk of being implemented in the wrong way.
- Accessible – shared on a commonly accessible platform with authorized entities.
How SISA can help
With years of experience in security consulting and implementation, SISA understands how good policies and procedures work. Combine that with our expertise in org-specific documentation, i.e. documentation that uses the language your organization speaks and understands, and you have a venerable partner to bank on.
Our approach consists of the following steps:
- Collection of Information
- Drafting and Internal Review of Policies and Procedures
- Client review – the documents are reviewed by your personnel
- Release – the policies and procedures go live within your organization
- Implementation – the policies and procedures are incorporated with your requirements, e.g. compliance
- Maintenance – the policies and procedures are reviewed and modified as per changes in the organizational environment on a periodic basis.