Compliance

Policy and Procedure Packs

Security policies define what is expected of employees within an organisation with respect to information systems. The objective is to guide or control the use of systems to reduce the risk to information assets. They also give the staff who deal with information systems an acceptable use policy, explaining what is allowed and what is not. Security policies differ from company to company, but the key motive behind them is to protect assets.

PCI v3.1 Ready - Policy Pack

Security policies are also required by a number of industry standards and regulations such as PCI-DSS and POPI. eli5 Consulting provides a PCI-DSS pre-written policy and template pack, which has been mapped to the PCI v3.1 standard. The policy pack is ready to go: it contains all policy statements required by PCI-DSS and system configuration standards (for popular system types), and includes templates for all supporting forms. Contact us NOW for our latest pricing!

Contents

It is generally regarded as good practice to perform both an internal and external penetration test at least annually or directly after any significant change is made to your environment. Companies seeking PCI-DSS certification are required to conduct an internal and external penetration test annually.

Policy                              Accompanying Document
Information Security Policy         POL01_ISP
Access Control Policy               POL02_AP
Acceptable Usage Policy             POL03_AUP
AntiVirus Policy                    POL04_AVP
Password Policy                     POL05_PP
Roles and Responsibilities Policy   POL06_RRP
Change Management Policy            POL07_CMP
Data Management Policy              POL08_DMP
Encryption Policy                   POL09_EP
Third Party Policy                  POL10_TPP
Software Development Policy         POL11_SDP
PCI Compliance Policy               POL12_PCP
POPIA Compliance Policy             POL13_POPCP
Facility Security Policy            POL13_FSP

Templates

  • User Authorisation Form
  • Change Control Form
  • System Configuration Record Template
  • Network Connection Register Template

System Configuration Standard

A single configuration standard, supported by the CIS benchmarks, covering:

  • Servers: Windows, Linux
  • Desktops: Windows, MacOSX, Linux
  • Network: Firewalls, Switches, Routers

How do I implement?

The pack consists of 14 policies, 4 supporting form templates and 1 system configuration standard which is supported by CIS benchmarks.

  1. We have made it easy for you to customise the policy pack. Start by adding your company name: simply replace "Company Name" with your specific information.
  2. To implement and operationalise the policies in your organisation, it is important first that the responsible parties thoroughly read and understand all the content. Consider holding a “workshop” to get buy-in from management.
  3. Now that you have the required “roadmap”, conduct an assessment to understand how well you currently align with the policies. From this process you will identify areas where remedial effort is required.
  4. Strive for full compliance with the policies and standards. Tip: Gather and store compliance evidence, as it can greatly improve your audit and assessment process.

Purchasing Information

The pack is purchased “once-off” for internal use by a single company and is digitally delivered in either docx (win) or pages format (mac). As this is an evolving document, additions such as new policies or modifications to existing policies may take place in order to ensure the completeness of the pack.

Purchasers of this pack will receive courtesy copies of updated policies, as well as any NEW policies, at no charge during the year of purchase.
