We’re in need of brushing up and creating a few policies and procedures in preparation for an upcoming Cyber Audit. Wondering if you would be willing to share the following Templates(if you have them):
- Information Security Program
- Incident Response Plan
- Risk assessment documentation for new products, services, technology and vendors
- Project management policy and procedures
- System hardening checklist
- Change management policy and procedures
- Information security training materials or tool/portal that is used to provide training
- Technology Acceptable Use Policy
- Mobile Device Acceptable Use Policy
- Disaster recovery plan and training materials
- Pandemic Plan
Sorry for the late response Neil.
We are in the performing a comprehensive risk assessment for the church, so there is an IT component. In that context, we are planning on addressing:
Website security and control - we have language in our IT Manual covering how we safeguard our website and control who can make updates.
IT permitted use - we cover software and social media use guidelines in our Staff Handbook, and are planning to address hardware usage, maintenance and replacement.
Data backup and storage - a policy regarding the security of access to data, proper data storage and backup is being developed.
Disaster recovery - a disaster recovery plan is being developed.
You guys are a bit bigger than us so I’m not sure whether any of this would be helpful, but maybe there is a way to collaborate on some of it. Feel free to PM me…