Policies and Procedures Review
It’s not enough to develop policies and procedures. A review should be conducted on a regular basis in order to ensure that the information security policies are developed to reflect standards and best practices and measure any existing expectation gaps. Consequently, updating policies and procedures are beneficial for the organization for several reasons:
- When new regulations are published, review should be conducted to make sure they meet the new requirements.
- It’s rare, but standards might evolve over year.
- You could add, delete or change an activity or task executed by end users.
- You could buy new products for business needs (mail server, proxy, etc.)
- The technology is growing so fast that a year earlier your password could be 8 characters and 60 days’ lifetime. Now it’s 10 characters and 45 days.
Standards & Best Practices compliance
All of our policies and procedures are done based on the local regulations, international standards and best practices. Compliance with standards and best practices ensure the organization have efficient controls in place. In fact, our consultants have the required expertise to review existing information security controls within the process of establishment of an Information Security Management System (ISMS) based on ISO 27001 standard or the defined requirements of the PCI DSS.