
Policies & Procedures

The need for Security Policies & Procedures

Security Policies and Procedures are documented and formal statements of the governing rules that regulate how an organisation manages, protects, and uses assets.

As such they represent fundamental components of any security program.

Policies are documents that define the objectives of an organisation and can relate to a whole range of topics, such as Health & Safety, Equal Opportunities and Information Security. Security Policies are statements of any control objective that must be complied with to achieve the business goals of an organisation.

How to develop Policies & Procedures

Standards, procedures, practices and controls are needed to support the policies so that they can be implemented and enforced. Procedures specify what must be done in order to comply with the Policy objectives.

Policies are "what" documents, Procedures are "how" documents.

Since most information is processed using computer facilities, it is important that IT adopts formal, complementary procedures to protect the confidentiality, integrity and availability of that information. Key procedures will include those relating to change, incident, configuration, capacity and service management.

URM's consultants have been designing and documenting information security policies and procedures for organisations of all sizes and in all market sectors for many years.

URM's consultants harness this substantial experience and expertise, together with a risk-based approach, to design and develop security policies and procedures for customers with a wide variety of requirements. These include customers:

  • Wishing to comply with or certify to ISO 27001
  • Required to comply with Sarbanes-Oxley legislation
  • Needing to meet other corporate governance regulations
  • Aspiring to comply with other forms of recognised best practice such as records management.

URM's success in designing effective solutions is achieved by working closely with customers to ensure that policies and procedures are based on balancing business needs for control, pragmatism and cost effectiveness.


Copyright © Ultima Risk Management, 2010. All Rights Reserved
