We can work with you to develop and implement a security governance framework tailored to your organisation, taking in to account the nature and structure of your business, your information assets and your approach to information risk. This can include carrying out high level risk assessments, identifying critical security controls not implemented, drafting and implementing core policies and procedures, creating a suitable incident response plan and applying suitable security governance measures.
We’ll work collaboratively with your team to develop the management framework to ensure it suits your culture and business objectives. Although not an ISO 27001 standard Information Security Management System (ISMS), our approach will start the process of implementing foundational ISMS concepts and requirements. This will enable you to develop the governance framework in to a formal ISMS later, if desirable.
We can develop a comprehensive suite of policies and associated security documentation for you as part of a security governance framework, or as a stand alone policy engagement. All policies, procedures, standards, guidelines and record templates we create will be tailored to your organisation using information we gather from your stakeholders during our engagement.
Common policies and documents we create for clients include: