Information Security is a crucial and challenging task and becomes ever more complex when combating threats from both internal and external sources. A security policy provides a company wide, high-level description of the regulations and controls required to protect data and transactions, and is based on the outcome of a risk assessment.
Experienced S&T consultants, acting as mentors, guide and advise the policy development team by providing structured agendas and sessions, by documenting the outcome of workshops and by performing a concluding joint review of the draft version with the management before the policies come into force in the organization.
The ultimate objective is mitigation of the assessed risks by defining clear and applicable rules, consistent roles, responsibilities and processes for information security tasks, based on established international ISO standards.
Policy documents are drawn up by a policy development team for approval and subsequent ownership by the company’s management.
The comprehensive S&T portfolio of services also includes roll-out activities and a periodical review process of the systemic implementation of Information Security.
The holistic methodology and consulting skills of S&T consultants have been attained in numerous highly demanding customer projects.