Cyber Audit - Resources, Policies, Procedures


(Neil Charlet) #1

Greetings folks!
We’re in need of brushing up and creating a few policies and procedures in preparation for an upcoming Cyber Audit. Wondering if you would be willing to share the following Templates(if you have them):

  • Information Security Program
  • Incident Response Plan
  • Risk assessment documentation for new products, services, technology and vendors
  • Project management policy and procedures
  • System hardening checklist
  • Change management policy and procedures
  • Information security training materials or tool/portal that is used to provide training
  • Technology Acceptable Use Policy
  • Mobile Device Acceptable Use Policy
  • Disaster recovery plan and training materials
  • Pandemic Plan

(Steve Klein) #2

Sorry for the late response Neil.

We are in the performing a comprehensive risk assessment for the church, so there is an IT component. In that context, we are planning on addressing:

  • Website security and control - we have language in our IT Manual covering how we safeguard our website and control who can make updates.

  • IT permitted use - we cover software and social media use guidelines in our Staff Handbook, and are planning to address hardware usage, maintenance and replacement.

  • Data backup and storage - a policy regarding the security of access to data, proper data storage and backup is being developed.

  • Disaster recovery - a disaster recovery plan is being developed.

You guys are a bit bigger than us :slight_smile: so I’m not sure whether any of this would be helpful, but maybe there is a way to collaborate on some of it. Feel free to PM me…