POLICY AND PROCEDURES REVIEW
Security Compliance Associates(SCA) approach to Information Security Policy and Procedures begins with a review of the institution's existing information security policies, standards, practices and procedures and provides an assessment based on compliance with FRS, FDIC, OTS, OCC, or NCUA Regulations, FFIEC guidance, industry standards and Security Compliance Associates's best practices. The resulting report provides a solid basis for drafting/revising the Institution's Information Security Policies and Procedures.
During this task, SCA will use a series of questionnaires, checklists and forms to collect your institution's existing information security related policies, standards and procedures. SCA will also conduct a series of interviews with personnel identified as key contacts to help identify and document existing practices. The information gathered during this phase is essential for compiling data to create, document or revise policies, standards and procedures to ultimately eliminate windows of vulnerabilities to your company.
SCA's experts in the field of Information Security will analyze and evaluate key policies, procedures and standards, identify weak or undocumented elements to help the institution quickly focus on the most business-essential and compliance oriented policies, procedures and standards. These recommended policies, procedures and standards, with supporting rationale, will provide a customized foundation for an effective compliance, technology and a leading edge information security program.
When reviewing existing policies and standards, SCA will:
SCA will conduct a briefing at your institution's facility to present detailed findings and specific recommendations for drafting or revising information security policies, procedures and standards, and explain recommendations and current compliance requirements.