Spikes

Security Policies


Why is this needed?

Most organisations have a wide range of technology in use and managing such technology and safeguarding the information stored requires a structured approach. The extent and complexity of the technology will vary from one organisation to another, but the policies and processes required are likely to be very similar.

As any organisation grows over time, security policies tend to be overlooked and implementing such policies is not necessarily considered urgent. It is clear from the Cyber Essentials certifications we conduct and from talking to our clients that there is a demand for routines to help manage the systems in use throughout the year and not just when preparing for the Cyber Essentials renewals. Moreover, implementing such policies is widely considered best practice and overlaps with the requirements of Information Privacy legislation and in some areas with Human Resources.

What do the Policies look like?

We have developed a collection of policies which are straightforward to understand and easy to personalise to each organisation. We have aligned the policies with the requirements of the IASME Cyber Assurance information security standard (version 6). This standard has been developed by IASME and is required by a number of Government bodies as an alternative for small and medium-sized organisations to the ISO 27001 international standard.

The collection is broken down into 3 groups: i) Information Security Management System (ISMS); ii) Information Privacy; and iii) Human Resources (HR). In some cases, the suggested policy may already have been developed.

Information Security Management System (ISMS)

The policies and documents included comprise the following: -

  1. Information Security Statement

  2. Information Security Policy

  3. Information Asset Register

  4. Risk Register and Treatment Plan

  5. Compliance Policy

  6. Incident Management Policy

  7. Business Continuity and Recovery Plan

  8. System Management Policy

Information Privacy

  1. Privacy Policy

  2. Data Protection Policy

  3. Data Retention Policy

  4. Data Deletion and Destruction Policy (including Data Destruction Log)

  5. Data Protection Impact Assessment Policy (DPIA)

Human Resources

  1. Recruitment, Induction and Leaver Policy

  2. Employee Training Policy

  3. Grievance Policy

  4. Disciplinary Procedure Policy

  5. Code of Conduct Policy

Service setup

There are two options for creating and implementing the Security Policies: i) Template Purchase - the templates are provided in Word format to be developed and personalised for the organisation; or ii) Policy Assistance - employ us to guide and assist you in creating and implementing the policies.

The templates contain wording that is common to most organisations and can be readily amended. In some instances, only examples are provided such as with Asset and Risk Registers.

The amount of assistance required will vary from organisation to organisation and will also depend upon the experience and knowledge of those involved in the project. We will be pleased to assess the likely time required to complete the process during an initial meeting.

Pricing - Two options

The pricing for the two options is set out in the table below: -


Option              Group                                        Price

Template Purchase   Information Security Management System       £250.00
                    Information Privacy                          £175.00
                    Human Resources                              £175.00
                    All Groups                                   £450.00

Assistance          Pricing as above for the templates
                    Assistance charges: -
                    1 Hour                                       £150.00
                    1 Half-day (3.5 hours)                       £450.00
                    1 Day (7 hours)                              £800.00

Charges are invoiced monthly in arrears and based on the lowest charge, e.g. 3 consecutive hours are charged as a half day.


Benefits

The implementation of the Security Standards will enable the organisation to introduce processes into normal day-to-day working that will manage systems used to process data in a structured manner. The senior management and all users will have clear guidance on roles and responsibilities about the use and maintenance of organisational systems and information.

Businesses and charities of all sizes are being asked more often to demonstrate their information security posture and these Security Policies will help demonstrate the approach being taken. Organisations that are part of a supply chain, are involved in certain Government contracts or, in some cases, are applying for insurance renewals will find the Security Policies helpful in dealing with such enquiries.

In addition, the policies are the perfect springboard to achieving the IASME Cyber Assurance standard and comply with the Cyber Essentials security standards. Both of these standards are used as compliance requirements in tendering for Government contracts and also to meet customers’ requirements.

Service ordering

You can start an initial enquiry or request further details by emailing us using this link - Security Policies
