Security Policies and Procedures

Comprehensive security policies, clearly written and communicated, are a cornerstone of effective data governance.  Eagle can provide security policies that are appropriate to the size and scale of your business and that conform to any desired security frameworks and/or regulatory requirements.

Eagle begins a policy project by understanding these requirements. Is the organization seeking certification under a framework such as the AICPA Trust Services Criteria (SOC 2), ISO 27001/27002, or another framework? Is compliance with the Payment Card Industry Data Security Standard (PCI DSS) required? Are there regulatory obligations, such as HIPAA, SOX, CMMC, GDPR, state law, or others? We also need to understand the business: the staff, structure, operating locations, products/services, systems, and culture. Is the organization using a traditional data center with in-house technical staff, or are certain operations outsourced using a cloud vendor and Managed Services Provider (MSP)?

If the client desires to update existing policies, a gap analysis will be performed as a next step to identify any gaps between the client’s existing policies and the desired end state.  After completing this analysis, the project scope can be explicitly defined and quoted.

Whether the project is enhancing existing policies or performing a complete overhaul/replacement, Eagle uses its extensive internal library of security policies for maximum productivity and to ensure the lowest cost of the project. Eagle’s library includes policy content for organizations of different sizes, different workflows, different security models, and different regulatory compliance obligations.

Eagle creates a draft for review by the client. Any required adjustments are incorporated, and a final draft is provided.

After performing a significant update of security policies, there is typically a gap between the policies and current security processes.  If requested, Eagle can provide an implementation plan that sequences and prioritizes implementation efforts.
