Policies & Procedures

Effective Policies & Procedures are crucial for successful security strategies.

Policies & Procedures are crucial to implementing an effective data security strategy. They should be viewed as the glue that holds all aspects of data security together. Without effective Policies & Procedures (P&Ps), each aspect of data security would be a collection of disparate parts.

This is why VigiTrust believes it is imperative that organizations are provided with effective P&Ps which suit their business strategy as well as their corporate security strategy. VigiTrust has developed over sixty classes of policies to address each aspect of data security.

Areas Addressed by VigiTrust’s Policies & Procedures:

VigiTrust has developed the 5 pillars of security framework on which its P&Ps are based. Each of the following areas is addressed: Physical Security, People Security, Data Security, IT Security, and Disaster Recovery & Business Continuity.

5 Pillars of security

Customization of Policies

For policies to be effective, they must reflect the organization’s specific requirements. VigiTrust pays special attention to tailoring its Policies to match the organization’s strategic requirements and ensures they comply with the relevant legal and industry frameworks that apply.

VigiTrust has developed a four-step process for both selecting and tailoring the Policies & Procedures required for each organization.

  1. Discovery: Through VigiTrust’s consultative approach of working with staff, a detailed map of an organization’s structure and risks is created.
  2. Policy Selection & Definition: Based on the map created in step 1, VigiTrust selects the Policies that will be required. These Policies are then modified to reflect the organization’s specific circumstances.
  3. Appraisal: The tailored Policies are then reviewed in consultation with the customer, so that all requirements are addressed effectively.
  4. Execution: Based on customer feedback, any final adjustments are made before the final Policies & Procedures are deployed.

Tried & Tested Policies & Procedures

The Policies & Procedures employed by VigiTrust are based on data security best practice, taking into account ISO 27001 and PCI DSS. In addition, they are based on VigiTrust’s extensive experience in helping clients become compliant with one or more data security standards. VigiTrust has learned from working with auditors which Policies are not only effective but are also likely to be accepted by official auditors.

For more information on the importance of P&Ps and for some detail on the P&Ps provided by VigiTrust, read Ensuring IT Policies & Procedures Comply with DSS.