Disaster Recovery Team Policy
This policy provides guidelines and standards an organization can follow when creating and improving its disaster recovery plans.
Enterprise Assessment and Monitoring Policy
The purpose of this policy is to develop a consistent method for scheduling and managing company IT security assessment processes.
Information Technology (IT) Security Policy
This document contains two sample policies that establish guidelines an organization should follow to ensure that its IT security meets standard best practices.
IT Auditing and Logging Standard Policy
The purpose of this auditing and logging standard is to ensure that all company systems are auditable and that proper procedures are in place to identify and resolve all high-risk security, integrity and/or availability issues.
IT and Telephony Systems Acceptable Use Policy
This sample policy outlines guidelines and procedures common to proper use of a debt manager’s IT and telephony equipment, focusing on passwords, software downloading, email use, internet and website browsing use, removable electronic data storage media, telephones, and the Data Protection Act.
Mobile Device Acceptable Use Policy
This sample policy defines standards, procedures and restrictions for end users required to access corporate data from mobile devices.
Spreadsheet Controls Policy
This tool contains two samples that outline policies and procedures to give guidance and ensure compliance related to financial spreadsheet controls.
Business Continuity Management Audit Work Program
This tool contains three sample work programs that provide general steps organizations can take when conducting a business continuity management audit.
IT Continuity Review Audit Work Program
This sample audit program includes steps that can be used to audit an organization’s IT continuity process.
Social Engineering Audit Work Program
This sample work program provides general steps organizations should follow when performing a social engineering audit.