Policy & Standards
Since this framework is rather comprehensive, it takes a while to fully comprehend and appreciate it. More often than not we are asked the following question:
Where do I start?
Our answer to this question is the Information Security Policy / Standard Framework.
This framework is based on multiple international standards. It forms an integrated system from governance to operation, including
- A single, overall policy,
- 11 domain standards, following the ISO/IEC 17799:2005 standard's structure,
- Specific purpose standards focusing on operational aspects such as
  - Password Management
  - Wireless, etc., and
- Baselines, Guidelines, Procedures, etc.
These documents (excluding Guidelines, Procedures, etc.) are available for purchase through a licensing system. Since Guidelines, Procedures, etc. are organisation-specific, they are individually developed, based on the incorporated entity's requirements.
Using such a policy/standards hierarchy is beneficial because
- It is based on multiple international standards
- Simplicity is preserved
- Clarity is provided throughout the whole hierarchy of documents
- Controls are developed gradually and granularly
- Protection is built in against contradicting statements at different levels of the hierarchy
Further information and detailed explanations on our Information Security Policy / Standard Framework are available here.
For relevant capabilities please read the Security Policy and Security Standards sections in the Document Development category here.
If we can assist you in any way, please feel free to contact us for further information. Our consultants will be happy to assist you with your enquiry.