Businesses need written policies that govern various aspects of day-to-day operations as they relate to Information Technology. Here are some of the most common policies that should be implemented and enforced.
Information Security Policy
The purpose of this policy is to provide a security framework that will ensure the protection of information from unauthorized access, loss or damage while supporting open, information-sharing needs. Information may be verbal, digital, and/or hardcopy, individually-controlled or shared, stand-alone or networked, used for administration, research, teaching, or other purposes.
Acceptable Use Policy
An Acceptable Use Policy (AUP), is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.
Data Privacy Policy
A policy that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy.
Data Breach Response Policy
This policy provides a process to report suspected thefts involving data, data breaches or exposures (including unauthorized access, use, or disclosure) to appropriate individuals; and to outline the response to a confirmed theft, data breach or exposure based on the type of data involved.
Record Retention & Destruction Policy
The purpose of this policy is to ensure that a company retains its official records in accordance with the requirements of all applicable laws and regulations and to ensure that official records no longer needed by the company are discarded at the proper time. This policy provides guidelines concerning the length of time official records should be retained under ordinary business circumstances, as well as the steps that the company should take in the event of any pending or imminent government (federal, state or local) investigation, audit or proceeding, or any civil or criminal lawsuit involving the company.
WHAT WE DO:
- Assist w/ reviewing, editing, creating and managing security-related documentation.