Home :: Business Solutions: IT Security Services :: Policy, Standards and Procedures
Policy, Standards and Procedures
The policy, standards and procedures section determines the corporation's existing environment and compares that to industry best practices. This section reviews legal, IT security policies, corporate standards and procedures, change management and privacy issues.
Corporate policies regarding the security aspects of contracting, asset purchasing, separation of duties and accountability are examined. Internal audit processes are also reviewed to ensure appropriate internal audit measures are in place.
Finally, security budgeting is examined to compare the amounts budgets against best industry practices.
Additional audit activities can include industry specific criteria in such areas as banking, intellectual property, consulting practices, pharmaceuticals, engineering and manufacturing.