Greetings folks!
We’re in need of brushing up and creating a few policies and procedures in preparation for an upcoming Cyber Audit. Wondering if you would be willing to share the following Templates(if you have them):
Information Security Program
Incident Response Plan
Risk assessment documentation for new products, services, technology and vendors
Project management policy and procedures
System hardening checklist
Change management policy and procedures
Information security training materials or tool/portal that is used to provide training
We are in the performing a comprehensive risk assessment for the church, so there is an IT component. In that context, we are planning on addressing:
Website security and control - we have language in our IT Manual covering how we safeguard our website and control who can make updates.
IT permitted use - we cover software and social media use guidelines in our Staff Handbook, and are planning to address hardware usage, maintenance and replacement.
Data backup and storage - a policy regarding the security of access to data, proper data storage and backup is being developed.
Disaster recovery - a disaster recovery plan is being developed.
You guys are a bit bigger than us so I’m not sure whether any of this would be helpful, but maybe there is a way to collaborate on some of it. Feel free to PM me…