|
Maintaining policy and enforcing policy are two crucial tactics to managing risk and to preventing security events from occurring. As required by many clients, ERE both audits and authors a range of IT security, computer security, privacy, compliance, and governance related plans and policy.
Most policy or documentation audits are essentially a gap analysis of what exists vs. what needs to exist, with ERE’s specific recommendations of steps to become compliant. We often provide training as an adjunct to authorship services, to assist the client to maximize their return on investment on new documentation.
Topics In Demand
- Business Continuity Plan.
- Disaster Recover Plan.
- Gap Analysis.
- Governance Model.
- Internet Security Policy.
- Privacy Policy .
- Risk Analysis.
- Security Plan.
- Security Policy.
- Training.
Client Interaction
Both our audit and authorship processes include interviewing various group members within an organization, reading all prior related client documentation and security related audits, and correlating information with observations we make of IT security operations. Interviews typically include end users, middle management, and senior executives.
Benefits
- Clear policy and planning documentation provides actionable direction.
- Actionable direction paves the way for uniformly enforcing policy.
- Uniformly enforcing policy minimizes liability and reduces the chance of problems ever occurring.
- Peace of mind – our recovery and response plans minimize downtime.
- The policy document suggests new processes that intrinsically include audit trails, which greatly pleases external financial auditors.
- One stop for audit, authorship and training.
- ERE impartiality and vendor neutrality provides confidence in the Board Room.
Additional Resources
|
