Security Policies

Our goals in Policy Development are to ensure information security policies are:

• Easy to understand
• Relevant
• To the point

From our experience it is all too easy to download a policy template, change a few words around and email a 50+ page policy set to all your staff.  Whilst these policies might cover your HR department’s goals, staff often do not read, comprehend or get the point of what these document sets are trying to achieve.

Policies are far too often seen as “extensions to employment contracts”, but the fact of the matter is, if your staff do not understand them, then even a signed policy set will not offer your business the protection you need.

2-sec’s Policy Development service is not template based.  Our deliverable is a custom Policy Pack that is yours and yours alone.  We will also check Policies work by interviewing your staff, getting their feedback, initiate security awareness campaigns and focus on upping the game.

The confirmation that your staff and suppliers have read and understood your policies is a valuable control and helps ensure the integrity of this control is not compromised.

For companies just starting out with policies, we facilitate an initial planning workshop, involving human resources, asset owners and those responsible for authorizing access to said assets.   This is typically sufficient to generate a draft Information Security Policy and suggested policy framework, that may also include recommendation of the following sub-policies:

• Remote Access Policy
• Personnel Policy
• Asset Classification Policy
• Access Control Policy
• Business Continuity Planning Policy
• Physical Security Policy
• Operations Security Policy
• Systems Development Policy

These sub-policies would require careful planning as would only be applicable to certain portions of your staff.  Additional policies may also be required to complete the policy set.