Security Policy Management

In order to have effective security compliance management in an organization, controls, policies, and standards must be established. To establish these, a risk assessment must first be performed to understand what risks are present. The risks identified translate into areas where controls must be identified, designed, and tested to validate that the risk mitigation actually results from putting the control in place.

To ensure your organization has governance that maintains awareness of its controls, policies and standards are developed. Policies for information security often include a:

  • Access Control Policy
  • Commercial Email Policy
  • Data Classification Policy
  • Removable Media Policy
  • Endpoint Security Policy
  • Information Security Policy
  • Network Security Policy
  • Vulnerability Management Policy
  • … and much more!

One of the key differences between a policy, a standard, and a control is the use of one of two verbs: SHALL or MUST. The reasoning for using one of these two verbs is that policies serve as governance for an organization.

Each of these policies must contain the following:

  • The background to the policy, commonly known as the introduction;
  • The scope to which the policy applies (remember this is a governance document);
  • The approval record: when, and by whom, the policy was approved;
  • The action that needs to be taken if a policy cannot be followed; and
  • The consequence for non-compliance.

Gilliam Security has designed a set of policies that can serve as a template for your organization to build from. As part of this service, we provide multiple options to help your organization.

Reach out to us on the Contact Us page (link) and we can start helping you today. We look forward to hearing from you!