Policy & Procedure Development

What is Policy & Procedure Development?

Policy and Procedure documents are an aggregate of the directives, regulations, rules, and best practices that prescribe how an organization manages, protects, and distributes information. These documents are intended to direct the actions of the organization's employees and external parties with respect to the protection of the organization's information and IT systems.

Benefits of Policy & Procedure Development

Meet Compliance Standards

Ensure your organization meets cybersecurity compliance requirements based on your industry and the types of data you store.


Strengthen Organizational Culture

Enforcing a security program requires creating a consistent information security policy. This helps prevent diverging decisions across departments.


Communicate Security Practices to External Parties

Ensure the organization's security policy is made easily available to external auditors, contractors, and other third parties.

Policy & Procedure Standards

Which Policy & Procedure standard do you need?

FISMA

The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.

NIST 800-53

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides a catalog of controls that support the development of secure and resilient federal information systems.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses the use and disclosure of individuals' health information by organizations, as well as standards for individuals' privacy rights to understand and control how their health information is used.

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).

NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 details how contractors and subcontractors of federal agencies should manage Controlled Unclassified Information (CUI).

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

GDPR

The General Data Protection Regulation (GDPR) is a European Union law that requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.

Ready to discuss your cybersecurity challenges?