Definition of the Security Policy and Procedures
At least half of the security of information systems is organizational, so companies need to first define security policies they want to pursue, namely the fundamental and indispensable principles that must be respected in order to protect their information systems. We must also remember that an information system is made up of the hard-copy archive and the computer system itself, or rather the two ways in which the information is handled.
Once the security policies have been determined, they must be spelled out in specific individual procedures aimed at satisfying the principles established in the policy. This means involving the entire company (not just the IT department), as there are procedures that are intended solely for the operators of the IT department, but there are also many other procedures that involve HR, Logistics, Core Business, Administration, Reporting, Treasury, etc.
Naturally, since these procedures must also take into account Corporate Governance, Compliance with the Law and compliance with the company’s various certified management systems, as well as the policies dictated by the international headquarters. Accordingly a high level across-the-board of expertise is required in order to be able to draft effective and efficient procedures.
GetSolution has always boasted this expertise, and has vast international experience in the preparation and drafting of Security Policies and Procedures.