Security Policy & Procedure Development - Private Sector

• Development of ISO 17799 / ISO 27001 (BS 7799) compliant policies
• Development of bespoke information security policies to customer requirements
• Development of procedural documents in support of the information security policy (including technical document development)

A security policy forms the basis of an organisations information security strategy and is an essential requirement for ISO 17799 / ISO 27001. It provides evidence of the management direction and support for information security, defines responsibilities, and enables an organisation to specify the procedures in place to protect its important information assets. Based upon the basic information security principles of Confidentiality, Integrity and Availability, it enables an organisation to clearly define its approach to security and it’s responsibilities under criminal law as well as statutory, regulatory and contractual requirements.

ISS consultants have many years of experience in the field of Security Policy development, from comprehensive information security policy documents to more specific user guidance and procedural documents.