Getting the Balance Right

Policies & Procedures

The need for Security Policies & Procedures

Security Policies and Procedures are documented and formal statements of the governing rules that regulate how an organisation manages, protects, and uses assets.

As such they represent fundamental components of any security program.

Policies are documents that define the objectives of an organisation and can relate to a whole range of topics, such as Health & Safety, Equal Opportunities and Information Security. Security Policies are statements of any control objective that must be complied with to achieve the business goals of an organisation.

How to develop Policies & Procedures

Standards, procedures, practices and controls are needed to support the policies and to implement and enforce them. Procedures specify what must be done in order to comply with the Policy objectives.

Policies are "what" documents, Procedures are "how" documents.

Since most information is processed using computer facilities, it is important that IT adopts formal, complementary procedures to protect the confidentiality, integrity and availability of that information. Key procedures will include those relating to change, incident, configuration, capacity and service management.

URM's consultants have been designing and documenting information security policies and procedures for organisations of all sizes and in all market sectors for many years.

URM's consultants harness this substantial experience and expertise, together with a risk-based approach, to design and develop security policies and procedures for customers with a wide variety of requirements. These include customers:

  • Wishing to comply with or certify to ISO 27001
  • Required to comply with Sarbanes-Oxley legislation
  • Needing to meet other corporate governance regulations
  • Aspiring to comply with other forms of recognised best practice such as records management.

URM's success in designing effective solutions is achieved by working closely with customers to ensure that policies and procedures are based on balancing business needs for control, pragmatism and cost effectiveness.


Copyright © Ultima Risk Management, 2008. All Rights Reserved.
