Small Business Policy Development | The Small Business Security Policy Development engagement will create an ISO 27001 compliant Information Security Policy for your organization. This engagement will collect existing written and unwritten policies focused on information security and integrate them into a new comprehensive policy covering the security objectives required in the ISO 27001 standard.
OBJECTIVES | The first phase involve formally defining the security objectives for the organization based on scope of the assets to be protected defined in part one’s efforts.
DRAFT | This phase will involve gathering information about the current state of information security policies, current formatting and communication style of organizational policies and develop a first draft policy for review.
REVISIONS | The revision phase will involve several meetings to align the language, syntax and feeling of the document with the organization. The revision process allows for three cycles of changes to the Draft moving the document set to a pre-final state.
FINAL | The final policy document will be prepared and submitted in a digital Adobe PDF format such and Microsoft Word for inclusion into your organization policy manuals and / or Intranet.
DELIVERABLE | Digital delivery of an ISO 27001 compliant information security policy including access control, supplier security and acceptable use policies.
Typical Policy Contents:
This engagement is the third piece of a more robust small business cyber security program called the Small Business Cyber Program Management (SBCPM) solution. The Small Business Policy Development will deliver a complete ISO 27001 compliant Information Security Policy.
This engagement is stage three of the Small Business Cyber Program Management solution.