Information Security Policy & Procedure Development

One of the keys to a successful Information Security Program is the documentation of goals, objectives, direction, policies, and tactical procedures. For most Information Security Frameworks, such as ISO 27000, NIST Cybersecurity Framework, HIPAA Security Rule, COBIT, and AICPA SOC-2 Trust Services Criteria, a good set of Information Security policies and procedures is a requirement, and a starting point for solid governance. 

 

BluTinuity can provide templates for the standards in these Information Security Frameworks, and assist with personalizing them to your organization, as well as providing guidance for effective implementation. We have developed an Information Security Policy template that includes nearly 50 commonly required policies.

Information Security Policies & Procedures often include the following:

  • Security Management

  • Risk Management

  • Information Asset Classification

  • Security Officer Responsibilities

  • Workforce Security & Sanctions

  • Information Access Management

  • Security Awareness & Training

  • Network Security & Protection from Malicious Software

  • Password Management

  • Workstation & Mobile Device Security & Management

  • Security Incident Response

  • Contingency Plans

  • Security Breach

  • Physical Security
