Policy & Process Documentation

how can we help you?

Contact us at info@symosis.com to get started, or request a callback by submitting the form below.

In terms of policies and procedures, the main challenge for organizations is to understand which need to be in place, when to roll them out and how to maintain them up to date. In that respect, it is key for organizations to ensure that there is a framework to establish and maintain policies and procedures in the first place. Whilst this could be seen as a framework within a wider security framework, it will make much more practical and effective to manage security P&Ps. One key factor is to make sure that a document management and version control P&P is put in place clearly stating who the owner of each policy is, how often they need to be updated or reviewed and what the policy “governs”. This will inform how the rest of the policies and procedures are to be designed and managed.

Symosis provides policy and procedure templates and will work with you to customize them to your environment and periodically update them to ensure your security program meets compliance ad industry best practices. Here is a sample list of policy and procedure documentation that we can help you create and maintain

Physical Security
• Building Alarms
• Office Access
• Corporate Identity Card and/or Access Management Policy
• Key Management Policy

People Security Policies and Procedures
• Employee Background Checks (depending on applicable laws)
• Reference checking policy
• On-borading Training Policy

Data Security Policies and Procedures
• Data Protection Compliance Policy (EU Data Protection—where applicable)
• Intellectual Property Rights (IPR) and copyright strategy
• Third Party Consulting Contracts Security Reviews
• Spam handling procedures (incoming and outgoing Spam from a legal perspective—e.g. Spam Can Act and equivalent)

Data Security P&Ps (Operational and Security Aspects)
• Data Classification Policy —Public / Confidential / Highly Confidential
• Phone Usage Policy
• Cross Skilling policy
•SDLC Policy—Security during project lifecycles IT Security Policies

Documentation Work, Support and Shared Knowledge Base policies
• Ecosystem Diagrams
• Network Diagrams

IT Technical Solutions Security P&Ps
• Generic Security Architecture and Network Scalability Strategy
• Systems Management & Security Event Management P&P
• Firewall
• Anti-Virus and Anti-Spam
• Green IT Strategies

Disaster Recovery and Business Continuity
• Business Continuity (BC) and Disaster Recovery (DR) related policies
• Emergency Response Plans