Documents, Policies, Etc

Use these template policies, standards and procedures to document how internal controls should be designed, built and, most importantly, systematically operated. These documents link to Internal Controls and Compliance Requirements.

Summary: 32 current policies (0%), 0 new policies (0%), 0 updated policies (0%).
Each entry below lists the document title and version, a short description, and the internal controls it links to (where any are linked).

Acceptable use of Assets (version 1.2)
Policy that describes the norms of use for assets provided by the organisation.

Account Management Procedures (version 1.6)
This procedure describes the steps, validations and approvals required to obtain credentials in any technology system that requires them in order to operate.
Internal Controls: CRM Application - Account Reviews; AD Group Reviews; Google Apps 2-Factor; Active Directory User Reviews; Database Administrator Account Reviews; High Privilege Service Accounts; Service Accounts Reviews; XERO Account Reviews; User Access Maintenance Request; Employee Account Provisioning and Deprovisioning Review

Backup Policies (version 1.3)
This document governs data backups and retention, as well as the processes used to manage them and ensure these standards are met.
Internal Controls: Backups

Card Holder Standards (version 1.4)
This document describes the standards for handling cardholder data.

Change Management Procedure (version 1.2)
This procedure describes the steps required to change any piece of technological equipment.
Internal Controls: DMZ Firewall Reviews; Standard Server Build - Windows; Change Mgt Reviews; AD Group Reviews; Backups; High Privilege Service Accounts; Policy Password Configuration; Service Accounts Reviews; Standard Server Build - Linux; Employee Account Provisioning and Deprovisioning Review

Data Flow Analysis and Inventory (version 1.0)
This spreadsheet is used to analyse a data asset in detail in preparation for GDPR.
Internal Controls: Corporate DataFlow Inventory

Data Subject Request Form (version 1.1)
Form used by data subjects to submit requests related to their rights.

Encryption Standards (version 1.2)
This document describes the encryption standards for all systems and applications that store and transmit data.

End Point CMDB Management Procedure (version 1.1)
This procedure describes how assets are assigned, replaced and discarded in the organisation.
Internal Controls: CMDB Reviews

GRC Contact List (version 1.0)
GRC contact list with useful contacts in case an emergency requires assistance from local authorities.
Internal Controls: Incident Management Process Review

GRC Team Roles and Responsibilities (version 1.0)
Spreadsheet used to record the GRC team's roles and responsibilities.

Hardening Standards (version 1.4)
This document describes the hardening standards that must be applied to end-point systems, networks, operating systems, software, encryption and applications.
Internal Controls: Regular Vulnerability Scanning; Endpoint Hardware Inventory; DMZ Firewall Reviews; Standard Server Build - Windows; CRM Application - Account Reviews; Change Mgt Reviews; AD Group Reviews; IDS Reviews; Google Apps 2-Factor; Database Administrator Account Reviews; Dual Factor Authentication; Log Reviews; Policy Password Configuration; Rogue Wifi APs; Service Accounts Reviews; Standard Server Build - Linux; System Patching; WPA2 Secured Wifi Networks; VPN Access; Anti-Malware Software Reviews; Network Device Hardening Reviews; End-Point Reviews; Application Hardening Standards

HR Security Policy (version 0.9)
Security checks.
Internal Controls: NDA and Policy Signing Reviews; Employee Interview to assess satisfaction; Employee contract reviews; End-Point Reviews; Background Check Reviews

HR Security Policy (version 1.0)
Security checks.

Key Management Procedure (version 1.0)
This document describes the steps required to produce, secure, distribute and disable encryption keys.

Logging & Monitoring Standards (version 1.3)
This document describes the logging and audit trail requirements for systems and applications.
Internal Controls: DMZ Firewall Reviews; CRM Application - Account Reviews; Change Mgt Reviews; AD Group Reviews; Database Administrator Account Reviews; High Privilege Service Accounts; Log Reviews; Policy Password Configuration; VPN Access Log Reviews

Media Handling Policy (version 1.2)
This procedure governs the use of physical media.
Internal Controls: Transport of Media; Destruction of Media; Storage of Media

NDA Agreement (version 1.5)
NDA agreement for all employees and contractors.
Internal Controls: NDA and Policy Signing Reviews

Network Diagram (version 1.1)
Defines the network setup for PCI, including flows.
Internal Controls: Cardholder Data DMZ

Network Team Roles and Responsibilities (version 1.0)
Describes the roles and responsibilities of the Network Team.

PCI-DSS Scope (version 1.4)
This document describes the scope of our PCI-DSS certification program.

Physical Security Standards (version 1.3)
This document describes the physical controls required at all our branches.
Internal Controls: Badge Reviews; Datacenter Security; CCTV; Fire and Motion Detectors; Visitor Log Reviews

Privacy Notice (version 1.1)
Privacy notice for GDPR.

Privacy Policy (version 1.3)
Describes the norms and rules applicable when handling private data.

SDLC Procedures (version 1.3)
This procedure describes the steps and verifications required when developing and maintaining applications.
Internal Controls: Software Testing; Code Reviews; Software Deployment Reviews