What is Policy & Procedure Development?
Policy and procedure documents are an aggregate of the directives, regulations, rules, and best practices that prescribe how an organization manages, protects, and distributes information. These documents are intended to direct the actions of an organization's employees and external parties with respect to the protection of the organization's information and IT systems.
Benefits of Policy & Procedure Development
Meet Compliance Standards
Ensure your organization meets cybersecurity compliance requirements based on your industry and the types of data you store.
Strengthen Organizational Culture
Enforcing a security program requires a consistent information security policy. A single, organization-wide policy helps prevent departments from making divergent security decisions.
Communicate Security Practices to External Parties
Ensure the organization's security policy is readily available to external auditors, contractors, and other third parties.
Policy & Procedure Standards
Which Policy & Procedure standard do you need?
The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides a catalog of security and privacy controls that support the development of secure and resilient federal information systems and organizations.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) addresses the use and disclosure of individuals’ health information by organizations, as well as standards for individuals' privacy rights to understand and control how their health information is used.
The Cybersecurity Maturity Model Certification (CMMC) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 details how contractors and subcontractors of federal agencies should protect Controlled Unclassified Information (CUI) in nonfederal systems and organizations.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that store, process, or transmit cardholder data for branded payment cards from the major card schemes.
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.
The General Data Protection Regulation (GDPR) is a European Union law that requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.