Well-written policies, procedures and supporting documentation should be written for a specific target audience to provide direction and establish boundaries for acceptable behavior.
When writing policies and procedures, it is important to identify with the reader. Some information security policies are written without consideration of the target audience, making them difficult to follow or implement.
Our Policy and Procedure Services include:
- Validating that policies match current practices
- Reviewing existing policies and procedures to identify gaps and providing our recommendations for improvement
- Establishing organizational-wide information security policies written specifically for the general workforce
- Creating an Information Technology (IT) Security Manual for the policies and procedures written specifically for their target audience
- Creating a cross-walk between the HIPAA Security Rule, the Payment Card Industry Data Security Standard, and Joint Commission applicable standards, and our customer’s policies, procedures and plans