Cyber Security policy production is a crucial component of an organisation’s approach to the management of risk and the governance of employee behaviour and use of IT assets. Policies must be written with the target audience in mind, in appropriate language, if they are to be practical and effective.
The overarching information security policy should set out the organisation’s business, appetite for risk and the standards that its employees are expected to uphold with regard to daily business duties and use of its assets and services.
Associated policies that are placed underneath the organisation’s information security policies govern how employees are expected to operate whilst using IT assets and services. They should ensure proportional protection of the organisation, whilst balancing the need for employees to be able to operate effectively during their day-to-day business function. Policies can also go on to reference more detailed processes and procedures with regard to how specific operations are expected to be delivered.
Prism Infosec’s experienced Security and Information Risk Advisors hold a number of workshops with key client stakeholders to understand how the organisation operates, its culture, risk appetite and control requirements.
The cyber security policy production process then produces a set of policies, using organisational templates and covering standard requirements that are in line with common security best practice as well as bespoke areas that are relevant to the client’s business.
All policies shall be aligned with the ISO 27001 information security management series, to comply with and maintain any existing certification or to ensure readiness for any future accreditation that the business may wish to pursue.
The project will be fully managed by a principal consultant. We work with client stakeholders throughout the policy development process, with key project checkpoints and review periods, so that when the final policy set is handed over the client is completely satisfied with the final deliverables.
Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to set up an initial discussion.