Policy and Procedure Packs
Security policies are intended to define what is expected of employees within an organisation with respect to information systems. The objective is to guide or control the use of systems to reduce the risk to information assets. They also give the staff who deal with information systems an acceptable use policy, explaining what is allowed and what is not. Security policies differ from company to company, but the key motive behind them is to protect assets.
PCI v3.1 Ready - Policy Pack
Security policies are also required by a number of industry standards and regulations such as PCI-DSS and POPI. eli5 Consulting provides a PCI-DSS pre-written policy and template pack, which has been mapped to the PCI v3.1 standard. The policy pack is ready to go: it contains all policy statements required by PCI-DSS and system configuration standards (for popular system types), and includes templates for all supporting forms. Contact us NOW for our latest pricing!
It is generally regarded as good practice to perform both an internal and external penetration test at least annually or directly after any significant change is made to your environment. Companies seeking PCI-DSS certification are required to conduct an internal and external penetration test annually.
| Policy | Document ID |
|---|---|
| Information Security Policy | POL01_ISP |
| Access Control Policy | POL02_AP |
| Acceptable Usage Policy | POL03_AUP |
| Roles and Responsibilities Policy | POL06_RRP |
| Change Management Policy | POL07_CMP |
| Data Management Policy | POL08_DMP |
| Third Party Policy | POL10_TPP |
| Software Development Policy | POL11_SDP |
| PCI Compliance Policy | POL12_PCP |
| POPIA Compliance Policy | POL13_POPCP |
| Facility Security Policy | POL13_FSP |
- User Authorisation Form
- Change Control Form
- System Configuration Record Template
- Network Connection Register Template
System Configuration Standard
A single configuration standard, supported by the CIS benchmarks, covering:
- Servers: Windows, Linux
- Desktops: Windows, MacOSX, Linux
- Network: Firewalls, Switches, Routers
How do I Implement?
The pack consists of 14 policies, 4 supporting form templates and 1 system configuration standard which is supported by CIS benchmarks.
- We have made it easy for you to customise the policy pack. Start by adding your company name: simply replace "Company Name" with your specific information.
- To implement and operationalise the policies in your organisation, it is important first that the responsible parties thoroughly read and understand all the content. Consider holding a “workshop” to get buy-in from management.
- Now that you have the required “roadmap”, conduct an assessment to understand how well you currently align to the policies. From this process you will identify areas where remedial effort is required.
- Strive for full compliance with the policies and standards. Tip: Gather and store compliance evidence, as it can greatly improve your audit and assessment process.
The pack is purchased “once-off” for internal use by a single company and is digitally delivered in either docx (win) or pages format (mac). As this is an evolving document, additions such as new policies or modifications to existing policies may take place in order to ensure the completeness of the pack.
Purchasers of this pack will receive courtesy copies of updated policies, as well as any NEW policies, at no charge during the year of purchase.