Documents, Policies, Etc
Use these template policies, standards and procedures to document how Internal Controls should be designed, built and, most importantly, systematically operated. These documents link to Internal Controls and Compliance Requirements.
Current Policies: 35 (0%)
New Policies: 0 (0%)
Updated Policies: 0 (0%)
Title | Short Description | Version | Internal Controls |
---|---|---|---|
Security Governance Policy | This policy describes the base upon which GRC is designed, implemented and operated to ensure compliance and continuous improvement. | 1.4 | Security Awareness Trainings Key GRC Components Inventory Reviews GRC Team, Competences, Roles and Responsibilities Log Reviews |
SIEM Standards | Describes the standards under which SIEM must operate | 1.1 | SIEM Review |
Subject Data Request Processing Procedure | This process documents the steps required to deal with Data Subject requests | 1.1 | |
System inventory | Inventory of all the systems in the scope of this program | 1.1 | Endpoint Hardware Inventory Standard Server Build - Windows Change Mgt Reviews Log Reviews Standard Server Build - Linux WPA2 Secured Wifi Networks End-Point Reviews Software Deployment Reviews CMDB Reviews Log Reviews Corporate Application Inventory |
Technical Infrastructure CMDB Management Procedure | The process by which IT is able to keep an updated list of assets and owners | 1.1 | |
Third Party Relationships Security Policy | Governs the required security and compliance diligence when the organisation initiates business relationships with third parties | 1.3 | Supplier Vendor Assessments |
Vulnerability and Incident Management | This procedure describes the steps required to handle the identification and treatment of vulnerabilities and incidents across the organisation. | 1.1 | Regular Vulnerability Scanning System Patching Penetration Testing Incident Management Process Review |