
POLICY AND PROCEDURES DEVELOPMENT / MAINTENANCE
Security Compliance Associates (SCA) will review, revise, modify and document existing information security policies and procedures, and draft additional policies and procedures as necessary to enhance and organize our clients' written policies and procedures, utilizing a three-tiered compliance model. All of our customized information security method recommendations accepted by your management during the Policy and Procedure review will be integrated into the documents that SCA produces exclusively for your institution.
Information Security Policies
Approved by the Board of Directors, the Information Security Policy provides the strategic direction for your institution. This key document will state the specific areas within your company requiring protection and document the associated rationale, while continually maintaining consistency with your institution’s overall information security philosophy and effective methods of security breach prevention.
Information Security Standards and Procedures
Information Security Standards and Procedures address the acceptable level of security for each topical area outlined in a policy and describe how to implement and monitor the required level of information security as outlined in the standards. Standards define the level of security according to specific technology, implementation, mechanics and/or vendors. Standards also define the authorized use of information and compliance requirements. Procedures map directly to the standards and specify understandable step-by-step directions for complying with those standards. SCA, as a leader in the field of professional security experts, ensures all standards and procedures applied are current.
Employee Guidelines
Employee Guidelines are then developed and presented to each employee who has access to non-public personal information and information systems. Employee Guidelines consist of those elements of the institution's standards and procedures that affect every employee, and are augmented with the institution's e-mail and internet use policies. The Employee Guidelines do not contain elements of the standards and procedures that are designed for management and IT staff. The Employee Guidelines become your training guide to meet mandated training requirements and ensure the public's continued trust that your institution's safeguarding of private individuals' information will not be compromised, ensuring that each employee is well informed to identify or prevent a security incident through simple training and clear company communication.
POLICY AND PROCEDURE MAINTENANCE
SCA continuously monitors legislation and regulating agencies for new laws and regulations affecting privacy, data security, and safeguarding consumer information. Throughout the term of the contract, SCA will modify the institution's policy and procedure as necessary to keep pace with changes in law or regulation. Furthermore, SCA will maintain contact with the institution and modify policy and procedure as necessary to keep pace with changes in technology, changes in management and/or changes in operation that may impact the institution's Information Security Policies and Procedures. SCA's commitment to keeping our clients informed and current on information security best practices is our top priority.
