Information Security Policy & Procedure Development

One of the keys to a successful Information Security Program is the documentation of goals, objectives, direction, policies, and tactical procedures. For most Information Security Frameworks, such as ISO 27000, NIST Cybersecurity Framework, HIPAA Security Rule, COBIT, and AICPA SOC-2 Trust Services Criteria, a good set of Information Security policies and procedures is a requirement, and a starting point for solid governance. 

 

BluTinuity can provide templates for the standards in these Information Security Frameworks, and assist with personalizing them to your organization, as well as providing guidance for effective implementation. We have developed an Information Security Policy template that includes nearly 50 commonly required policies.

Information Security Policies & Procedures often include the following:

  • Security Management

  • Risk Management

  • Information Asset Classification

  • Security Officer Responsibilities

  • Workforce Security & Sanctions

  • Information Access Management

  • Network Security & Protection from Malicious Software

  • Security Awareness & Training

  • Password Management

  • Workstation & Mobile Device Security & Management

  • Security Incident Response

  • Contingency Plans

  • Security Breach

  • Physical Security

Zinatt

"Zinatt has worked closely with BluTinuity for a few years now and we have enjoyed working with Scott as he prepared us for our SOC 2 audit. In working with Scott we are now SOC 2 Type II certified and HIPAA Compliant with the professional guidance he has provided us, which is unparalleled. We could not have done it without Scott and his knowledge in the tech security space. We will continue to use BluTinuity and would highly recommend to anyone looking to get their SOC 2 certification or any other security certifications/reports for their organization."
