Effective information security implementation must have good policies, standard, procedures and guidlines to ensure the confidentiality, integrity and availability of systems and data.
Policies and standard are considered tools for governance and management while procedure and guidelines are the purview of operations.
Policies are high level statements of management intent, expectation and direction. Policy can be considered as the constitution of security governance.
Standard on the other hand are the metrics or process used to determine whether procedures meet policy requirement.
Procedure are the responsibility of operations as stated earlier. They are step by step medium of achieving the policy statement. They include all necessary step needed to to accomplish a specific task.
Guidelines, which is also the purview of operations are helpful information required for executing the procedure. They include dependencies, suggestions, examples, narrative and other background information that are helpful to executing the procedure.
At IronShield Technologies, our methodological approach to policy and procedure design is second to none. We write your policy and procedure in accordance with international best practices and with reference to framework such as ISO 27002:2005, COBIT, ITIL among others.
Contact us today via info@ironshieldtechng.com to have us carry out this service for your organization.
