Related Links

Security Policies and Procedures

Documented policies and procedures are essential for implementation and management of a robust security program. Carefully crafted policies and procedures serve to:

  • Define IT management objectives
  • Describe the means to achieve those objectives
  • Dictate how compliance should be measured and enforced

We offer a full suite of policies and procedures templates based on best practices and regulatory compliance requirements (including HIPAA, GLB, SOX, PCI, FISMA, etc.). These templates are ready to be customized to your organization's specific needs (view sample).

Our documents cover the following policy and procedures domains:

  • Software/system acquisition - vendor/product due diligence, rollout plans, testing, authorization/approval
  • Software/system development - user requirements definition, segregation of duties, production migration, functional testing, user acceptance testing
  • Change control - testing, segregation of duties, production migration, rollbacks, authorization/approval
  • Access control - authorization and granting of access, password strength/rotation, access reviews, least privilege, termination procedures/access revocation, changes
  • Security - firewall policies, VPN management, anti-virus program, IDS management, vulnerability assessment
  • Operations - back-up scheduling, back-up/restore testing, offsite storage, incident response management, SAS70 reviews
  • Planning and organization - strategic planning, budgeting, monitoring performance, reporting, training

The areas above represent the core components of a best practices IT management program and are closely aligned with the frameworks suggested by ISACA, ITGI, ISO and other major standards bodies. See a complete list of our available policies and procedures templates.

Click here for a quote.

New! Now these policies and procedures can be monitored and enforced using our web-based Control Activity Manager (CAM) software. View a presentation with screen shots of CAM. While policies and procedures documents specify how security is implemented, CAM actually ensures they are executed in an auditable way.

Special offer: When you purchase our policies and procedures templates, you get a free 90 day trial of CAM pre-populated with controls from our templates. Learn more about CAM