Creating and reviewing policies and system documentation

Creating and reviewing information security policies and IT system documentation

Today, many organizations cannot operate without a computer-based information system. Operations and processes need to be documented both for the stability of the company and for legal compliance. There are rules and recommendations in place for the creation of processes, and there are also standards for the reduction of security risks.

Secure operation depends on establishing rules and complying with them. The system-related activities of the organizational units using, developing or operating the systems need to be documented. Along with other documentation, operating and user manuals need to be prepared. The creation of security policies should be based on system design and system documentation. Where required, we can carry out these tasks, or review and update existing documentation.

To ensure smooth business operations, mandatory security rules must be developed. These should describe the organizational and activity items and obligations necessary for the secure operation of system elements. To ensure the proper functioning of business processes, policies on information security, data protection, Internet use, etc. must be created and maintained. Once created, such policies must be reviewed annually, and any necessary changes must be implemented. Policies most commonly do not contain any problems, but in the case of a company at a very advanced stage, the system of rules may contain overlaps, or may be far too complex, difficult to understand or obsolete. In other cases, the system hierarchy is not designed properly.

We help you with these functions: we develop your information security policies (e.g. IT Security Policy), consolidate or simplify your system, ensure compliance with applicable standards, provide auditing services based on the relevant rules, or develop an information process control system for you.

Upon request, we can provide training so that your users become familiar with the new policies and the associated processes.

Methodology used for the above purposes:
Adaptation of ISO 27001, ISACA (CISA, CISM), COBIT and ITIL processes and regulations to the given environment.