Documents, Policies, Etc
Use these template policies, standards and procedures to document how internal controls should be designed, built and, most importantly, systematically operated. Each document links to the Internal Controls it supports and to the Compliance Requirements it satisfies.
Current Policies: 35 (0%) | New Policies: 0 (0%) | Updated Policies: 0 (0%)
Title | Short Description | Version | Internal Controls
---|---|---|---
Acceptable Use of Assets | Policy that describes the norms of use for assets provided by the organisation. | 1.2 |
Account Management Procedures | This procedure describes the steps, validations and approvals required to obtain credentials in any technology system that requires them in order to operate. | 1.6 | Active Directory User Reviews; Database Administrator Account Reviews; CRM Application - Account Reviews; AD Group Reviews; Service Accounts Reviews; High Privilege Service Accounts; XERO Account Reviews; Google Apps 2-Factor; User Access Maintenance Request; Employee Account Provisioning and Deprovisioning Review
Backup Policies | This document governs data backups and retention, as well as the processes used to manage them and to ensure these standards are met. | 1.3 | Backups
Card Holder Standards | This document describes the standards for handling cardholder data. | 1.4 |
Change Management Procedure | This procedure describes the steps required to change any piece of technological equipment. | 1.2 | DMZ Firewall Reviews; Standard Server Build - Linux; Standard Server Build - Windows; Change Mgt Reviews; AD Group Reviews; Service Accounts Reviews; High Privilege Service Accounts; Backups Policy; Password Configuration; Employee Account Provisioning and Deprovisioning Review
Data Flow Analysis and Inventory | This spreadsheet is used to analyse a data asset in detail in preparation for GDPR. | 1.0 | Corporate DataFlow Inventory
Data Subject Request Form | Form used to process data subject requests relating to their rights. | 1.1 |
Encryption Standards | This document describes the encryption standards for all systems and applications that store and transmit data. | 1.2 |
End Point CMDB Management Procedure | This procedure describes how assets are assigned, replaced and discarded in the organisation. | 1.1 | CMDB Reviews
GRC Contact List | GRC contact list with useful contacts in case an emergency requires assistance from local authorities. | 1.0 | Incident Management Process Review
GRC Team Roles and Responsibilities | Spreadsheet used to record the GRC team's roles and responsibilities. | 1.0 |
Hardening Standards | This document describes the hardening standards that must be applied to end-point systems, networks, operating systems, software, encryption and applications. | 1.4 | Regular Vulnerability Scanning; Endpoint Hardware Inventory; Database Administrator Account Reviews; Log Reviews; DMZ Firewall Reviews; Standard Server Build - Linux; Standard Server Build - Windows; CRM Application - Account Reviews; System Patching; WPA2 Secured Wifi Networks; Change Mgt Reviews; AD Group Reviews; Service Accounts Reviews; VPN Access Policy; Password Configuration; Dual Factor Authentication; Rogue Wifi APs; IDS Reviews; Google Apps 2-Factor; Anti-Malware Software Reviews; Network Device Hardening Reviews; End-Point Reviews; Application Hardening Standards
HR Security Policy | Security checks. | 0.9 | NDA and Policy Signing Reviews; Employee Interview to assess satisfaction; Employee contract reviews; End-Point Reviews; Background Check Reviews
HR Security Policy | Security checks. | 1.0 |
Key Management Procedure | This document describes the steps required to produce, secure, distribute and disable encryption keys. | 1.0 |
Logging & Monitoring Standards | This document describes the logging and audit trail requirements for systems and applications. | 1.3 | Database Administrator Account Reviews; Log Reviews; DMZ Firewall Reviews; CRM Application - Account Reviews; Change Mgt Reviews; AD Group Reviews; High Privilege Service Accounts; VPN Access Policy; Password Configuration
Media Handling Policy | This policy governs the use of physical media. | 1.2 | Destruction of Media; Transport of Media; Storage of Media
NDA Agreement | NDA agreement for all employees and contractors. | 1.5 | NDA and Policy Signing Reviews
Network Diagram | Defines the network setup for PCI, including data flows. | 1.1 | Cardholder Data DMZ
Network Team Roles and Responsibilities | Describes the roles and responsibilities of the Network Team. | 1.0 |
PCI-DSS Scope | This document describes the scope of our PCI-DSS certification programme. | 1.4 |
Physical Security Standards | This document describes the physical controls required at all our branches. | 1.3 | CCTV; Fire and Motion Detectors; Badge Reviews; Datacenter Security; Visitor Log Reviews
Privacy Notice | GDPR privacy notice. | 1.1 |
Privacy Policy | Describes the norms and rules applicable when handling private data. | 1.3 |
SDLC Procedures | This procedure describes the steps and verifications required when developing and maintaining applications. | 1.3 | Code Reviews; Software Testing; Software Deployment Reviews