Defining a clear and concise set of ICT Policies is essential to providing an organisation with the key guidelines to which it should secure and protect business systems. Policies should be easy to read yet provide comprehensive and clear direction to allow the business to meet compliance and regulatory requirements.
We take a practical approach to working assisting clients in the creation and revision of their ICT policies. Policies should be written to not only meet the regulatory requirement but also relevant to the business requirements.
Examples of key policies:
- ICT Risk Management Policy
- Cyber Security or Cloud Security Policy
- Data Privacy and Protection Policy
- Access Control Policy
- IT Security Policy
- Acceptable Use Policy
- Change Control Policy
- User Training/Induction Policy
- Backup and Replication Policy
|ICT Policy Review||Review current policies and provide feedback and recommendations for improvement.|
|Draft ICT Policies||Review current ICT practices, provide recommendations for meeting Essential 8, ISO27001 and NIST requirements. Workshop/discuss and draft policies.|