Documents, Policies, Etc.

Use these template policies, standards and procedures to document how Internal Controls should be designed, built and, most importantly, systematically operated. These documents link to Internal Controls and Compliance Requirements.

Current Policies: 35 (0%) | New Policies: 0 (0%) | Updated Policies: 0 (0%)
| Title | Short Description | Version | Internal Controls |
|---|---|---|---|
| Acceptable use of Assets | Policy that describes norms of use for assets provided by the organisation | 1.2 | |
| Account Management Procedures | This procedure describes the steps, validations and approvals required to obtain credentials in any technology system that requires them in order to operate. | 1.6 | Active Directory User Reviews; Database Administrator Account Reviews; CRM Application - Account Reviews; AD Group Reviews; Service Accounts Reviews; High Privilege Service Accounts; XERO Account Reviews; Google Apps 2-Factor; User Access Maintenance Request; Employee Account Provisioning and Deprovisioning Review |
| Backup Policies | This document governs data backups and retention as well as the processes to manage and ensure these standards are met | 1.3 | Backups |
| Card Holder Standards | This document describes the standards for handling cardholder data | 1.4 | |
| Change Management Procedure | This procedure describes the steps required to change any piece of technological equipment. | 1.2 | DMZ Firewall Reviews; Standard Server Build - Linux; Standard Server Build - Windows; Change Mgt Reviews; AD Group Reviews; Service Accounts Reviews; High Privilege Service Accounts; Backups Policy; Password Configuration; Employee Account Provisioning and Deprovisioning Review |
| Data Flow Analysis and Inventory | This spreadsheet is used to analyse a data asset in detail in preparation for GDPR | 1.0 | Corporate DataFlow Inventory |
| Data Subject Request Form | Data subject form used to process requests related to their rights | 1.1 | |
| Encryption Standards | This document describes encryption standards for all systems and applications that store and transmit data | 1.2 | |
| End Point CMDB Management Procedure | This procedure describes how assets are assigned, replaced and discarded in the organisation | 1.1 | CMDB Reviews |
| GRC Contact List | GRC contact list with useful contacts in case an emergency requires assistance from local authorities | 1.0 | Incident Management Process Review |
| GRC Team Roles and Responsibilities | Spreadsheet used to record the GRC team's roles and responsibilities | 1.0 | |
| Hardening Standards | This document describes the hardening standards that must be applied to end-point systems, networks, OS, software, encryption and applications. | 1.4 | Regular Vulnerability Scanning; Endpoint Hardware Inventory; Database Administrator Account Reviews; Log Reviews; DMZ Firewall Reviews; Standard Server Build - Linux; Standard Server Build - Windows; CRM Application - Account Reviews; System Patching; WPA2 Secured Wifi Networks; Change Mgt Reviews; AD Group Reviews; Service Accounts Reviews; VPN Access Policy; Password Configuration; Dual Factor Authentication; Rogue Wifi APs; IDS Reviews; Google Apps 2-Factor; Anti-Malware Software Reviews; Network Device Hardening Reviews; End-Point Reviews; Application Hardening Standards |
| HR Security Policy | Security Checks | 0.9 | NDA and Policy Signing Reviews; Employee Interview to assess satisfaction; Employee contract reviews; End-Point Reviews; Background Check Reviews |
| HR Security Policy | Security Checks | 1.0 | |
| Key Management Procedure | This document describes the steps required to produce, secure, distribute and disable encryption keys | 1.0 | |
| Logging & Monitoring Standards | This document describes logging and audit trail requirements for systems and applications | 1.3 | Database Administrator Account Reviews; Log Reviews; DMZ Firewall Reviews; CRM Application - Account Reviews; Change Mgt Reviews; AD Group Reviews; High Privilege Service Accounts; VPN Access Policy; Password Configuration; Log Reviews |
| Media Handling Policy | This procedure governs the use of physical media. | 1.2 | Destruction of Media; Transport of Media; Storage of Media |
| NDA Agreement | NDA Agreement for all employees and contractors | 1.5 | NDA and Policy Signing Reviews |
| Network Diagram | Defines the network setup for PCI including flows | 1.1 | Cardholder Data DMZ |
| Network Team Roles and Responsibilities | Describes the roles and responsibilities of the Network Team | 1.0 | |
| PCI-DSS Scope | This document describes the scope of our PCI-DSS Certification program. | 1.4 | |
| Physical Security Standards | This document describes the physical controls required on all our branches | 1.3 | CCTV; Fire and Motion Detectors; Badge Reviews; Datacenter Security; Visitor Log Reviews |
| Privacy Notice | Privacy Notice (GDPR) | 1.1 | |
| Privacy Policy | Describes the norms and rules applicable when handling private data | 1.3 | |
| SDLC Procedures | This procedure describes the steps and verifications required when developing and maintaining applications. | 1.3 | Code Reviews; Software Testing; Software Deployment Reviews |