Policy and Procedure Development

Information security policies establish goals and objectives based upon information security requirements. Information security procedures define the required actions to achieve the goal.

Does your organization process credit card data? You have a requirement to protect cardholder data. You need a policy clearly stating that requirement as a goal. You also need to define the procedures your organization will follow to achieve the goal.

Does your organization store nonpublic consumer information? You have an obligation to protect that information from unauthorized access. You need a policy that clearly states you will achieve that goal. Your organization must have defined procedures for attaining the objective.

The Governance and Strategy Team at Halock Security Labs writes policies and procedures for a number of clients in order to satisfy requirements arising from HIPAA, PCI, GLBA, SOX and other legislative, regulatory or contractual obligations. Our approach to policy development emphasizes a concise statement of context and purpose, a focus on key concepts, and clearly stated policy directives that are accessible to the target audience. The supporting procedures capitalize upon Halock's extensive experience deploying security solutions, providing clients with workable procedures that fit their operational environment.

Using ISO 27001 to maximize your security investment:

As security breaches intensify and regulations multiply, the need for a framework to manage vulnerabilities is imminent. ISO 27001/27002 provides the guidance to initiate, build, manage, and assess information security within any organization.