IT Security Policy Creation

For a policy to be of any value it must reflect the actual circumstances of the business and the practices therein. The auditing of any policy by a third party will usually require demonstrable evidence of the policy in practice. For this reason, we begin with a standardised auditing and reporting system we have developed to get a comprehensive view of all aspects of current practice. We present this information to the client identifying the inherent risks, if any. At this point the business can decide on whether or not these risks are tolerable or acceptable, or if they need to be addressed.

Once practices are finalised, we draft an IT Security Policy that reflects reality. Frequently, these audits, together with the policy generation, highlight areas of the business that are going well, or areas that need attention. It is recommended that these policies are reviewed annually to maintain compliance/relevance.