Policies and Procedures

As a company continues to grow in size and complexity, so grows the importance of having formalized policies and procedures for managing IT operations and security. Carefully crafted policies and procedures serve to:

Define IT management objectives
Describe the means to achieve those objectives
Dictate how compliance should be measured and enforced

Illumant has a strong track record of developing IT and security policies and procedures. We develop documents that are:

Aligned with best practices
Compliant with industry-specific regulations
Practical to implement and enforce

We offer a full suite of policy and procedure templates based on best practices, which we can customize to meet your organization's specific needs.

Our documents cover the following policy and procedure domains:

Software/system acquisition - vendor/product due diligence, rollout plans, testing, authorization/approval
Software/system development - user requirements definition, segregation of duties, production migration, functional testing, user acceptance testing
Change control - testing, segregation of duties, production migration, rollbacks, authorization/approval
Access control - authorization and granting of access, password strength/rotation, access reviews, least privilege, termination procedures/access revocation, changes
Security - firewall policies, VPN management, anti-virus program, IDS management, vulnerability assessment
Operations - back-up scheduling, back-up/restore testing, offsite storage, incident response management, SAS70 reviews

The areas above represent the core components of a best practices IT management program and are closely aligned with the frameworks suggested by ISACA, ITGI, ISO and other major standards bodies.