Compliance Documentation Toolkit
The toolkits are designed to provide organizations with the tools to develop, adopt and engage information security standards and policies that address regulatory concerns related to PCI DSS, HIPAA, GDPR, SOX, FFIEC and meet requirements of Electronic Money Institutions
Toolkit: Modular content, holistic approach
The toolkits are aimed primarily at decision-makers involved in the development and deployment of a regulatory compliance solution, including both public and private entities. Toolkit contributors plan to use the toolkit by:
- Designing a compliant solution, equipped with leading practices from legal and regulator compliance specialists
- Drafting technical and non-technical drivers of effectiveness for compliance projects based on toolkit content
- Picking the leading approach and solution for an organization’s unique environment and taking a proactive approach to the mitigation of new risks
- Sharing it with stakeholders, and partners, focusing on deriving value from regulatory compliance and leveling the playing field for Subject Matter Experts (SMEs)
Embrace Governance. Lead with confidence.
By decision makers, for decision makers
Good cyber security isn’t just about having good technology, it’s about people having a good relationship with security, and having the right processes in place across the organization to manage it. A cyber security incident will affect the whole organization – not just the IT department.
The compliance toolkits are actionable, relevant, and user-friendly for building and scaling well-thought-out compliance solutions. Based on world-class information gathered and synthesized in collaboration with several industry leaders, the toolkit draws upon more than 40 global security and privacy policies, procedures, standards, and guidelines allowing users to cut through the compliance hype and helping decision-makers navigate their corporate information governance program.
Toolkit Contents at Glance
- Information Security Policy
- Asset Classification Procedure
- Physical Access Procedure
- Human Resource Policy
- Network Security Policy
- Password Management Policy
- Physical Access Policy
- Remote Access Policy
- Third Party Management Policy
- Risk Assessment Methodology
- Access Control Policy
- Data Privacy Policy
- Technology Usage Policy
- Change Management Policy
- Data Encryption Policy
- Application Security Standard
- Incident Management Response Plan
- Vulnerability Management Policy
- Audit Logging and Monitoring Policy
- Vulnerability Management Procedures
- Firewall Configuration Standard
- Patch Management Policy
- Router Configuration Standard
- Data Retention Retrieval & Secure Disposal Policy
- System Configuration Standard
- Malicious Code Policy
- Wireless Configuration Standard
- Change Management
- Application Developmenet Policy
Comprehensive toolkits for developing compliance solutions
PCI DSS Documentation Toolkit
Focus all 12 sections of the PCI DSS Standard with customisable templates, policies, procedures, work instructions and records. Developed by a PCI QSA’s to ensure complete compliance with the latest iteration of the Standard
ISO 27001 Toolkit
Ensure compliance with ISO 27000 standards, with more than 140 pre-written, customizable templates, policies, procedures, and documents developed by the ISO 27001 Lead auditors and cyber law professionals.
ISO 20000 Toolkit
Ensure compliance with ISO 20000 standard, with more than 80 pre-written, customizable templates, policies, procedures, work instructions, and records developed by ISO 20000 lead auditors and ITSM experts.
GDPR Documentation Toolkit
Ensure GDPR Compliance with more than 80 customisable GDPR-compliant templates, policies, procedures and work instructions developed by lawyers and expert privacy practitioners