Policy Development Case Study
An organization had recently been heavily cited by financial institution regulators over their lack of organization and maintenance of their information security policies. The organization had policies in a binder, on an internal web site, and various other locations with no discernable rhyme or reason. The policies were often conflicting and organizational management was unable to discern which polices were current and which were outdated.
TrustCC was engaged to sort their policies into an organized fashion and provide recommendations for enhancement. After reviewing the client’s policies in detail and interviewing them on their specific requirements, TrustCC created a gap analysis between their existing policies and industry best practices.
Once the gap analysis was complete, a comprehensive policy document was produced, eliminating redundancy and policy conflict. The client was provided with a suite of comprehensive information security policies, complete with policies the client did not currently have but should consider implementing.
The client subsequently implemented all of our recommendations and passed their most recent regulatory exam with flying colors.