© 2011—2019 by BluTinuity, LLC

Information Security Policy & Procedure Development

One of the keys to a successful Information Security Program is the documentation of goals, objectives, direction, policies, and tactical procedures. For most Information Security Frameworks, such as ISO 27000, the NIST Cybersecurity Framework, the HIPAA Security Rule, COBIT, and the AICPA Trust Services Principles, a good set of Information Security policies and procedures is both a requirement and a starting point for solid governance.

 

BluTinuity can provide templates for the standards in these Information Security Frameworks, assist with personalizing them to your organization, and provide guidance for effective implementation.

Information Security Policies & Procedures often include the following:

  • Security Management

  • Risk Management

  • Information Asset Classification

  • Security Officer Responsibilities

  • Workforce Security & Sanctions

  • Information Access Management

  • Security Awareness & Training

  • Network Security & Protection from Malicious Software

  • Password Management

  • Workstation & Mobile Device Security & Management

  • Security Incident Response

  • Contingency Plans

  • Security Breach

  • Physical Security