I.T. Security Policy

Many of our customers have to meet compliance standards. Whether your compliance needs relate to health care (HIPAA), the payment card industry (PCI) or others, solid security policies are a necessity.
Our internal practices and procedures have been optimized to gather the most significant policy attributes. Over the years we have compiled them into a set of policy standard templates that can be easily customized to meet your needs.

The policy standards we use are cross-referenced and mutually supportive of each other, something that serious auditors will verify.

Policy Basics

If a sound IT security policy is necessary for compliance, we start with some basic information gathering that drives the rest of the policy. Mostly, this first step consists of identifying key corporate personnel and assigning a set of “roles and responsibilities”. These “roles and responsibilities” are key to delivering a comprehensive and sound corporate security policy.

Policies

Once the roles and responsibilities have been identified, we continue with several very simple but important policies. These key policies increase security in any organization dramatically. These initial policies are typically the following:

  • Ethics Policy

  • Information Sensitivity Policy

  • Internet Usage Policy

  • E-mail Usage Policy

  • Password Policy

  • Physical Security Policy

  • Media Destruction Policy

  • Access Control Policy

  • Server Security Policy

  • Anti-Virus Policy

  • Router Security Policy

Once key policies are in place, we marry them to solid configuration standards that cross-reference the policies that drive the configuration parameters.

When implemented, this discipline can dramatically increase security and also significantly decrease downtime.

Compliance Approach

Through our vast security experience, we have developed a unique approach to addressing compliance and security policy for production networks.

We start with a sound policy, which drives solid, stable and secure configuration standards. Using these important building blocks, we implement the compliant systems. Once implemented, they are audited for compliance with security policy (a separate entity should be used for the auditing portion).

Once all systems are shown to be compliant, the secure systems are put into production.

Production systems then impact how the policy should be changed. For example, a system may not be able to be secured in precisely the same way a policy dictates. When this occurs, exceptions are built into the policy that address the concern of business operations.

Existing Systems

Most systems have been built from the ground up without compliance in mind. Our systems engineers know precisely how to address these types of situations.

Where systems exist, a configuration assessment is performed against the desired policies that apply to each system's function. Once these are determined, a plan is constructed on how to address each compliance issue. Research is done, and where necessary, policy amendments are implemented.

Other Policies and Configuration Standards

In addition to the policies mentioned, we have created many others that are pertinent to today’s complex IT infrastructure. Here is a list of some of the other templates we can customize for your company:

  • Notebook Portable Computer Policy

  • Remote Access Policy

  • Employee Screening Policy

  • Software Development Policy

  • Change Control Policy and Procedures

  • Data Retention Policy

  • Patch Management Policy

  • Virtual Private Network Policy

  • Wireless Communication Policy

  • Incident Response Policy

  • External Repair Policy

  • Visitor Policy

  • Network Log Policy

We can also help identify key areas in your organization and write custom policies to meet your needs.

With the help of New Eve Technologies, Inc. policies, you can increase your security and pass your next audit.