Project Management

Project Management Central

Please login or join to subscribe to this thread

Topics: Consulting, Legal Project Management
Security Policies - guidance/examples needed
Hello, does anyone have a template or reference for writing a data security policy for a consultancy? I am looking for good examples for writing up policies including security framework, audits, data at rest, incident response. Thanks in advance for your help!
Sort By:
My advice on this area would be to start by looking at DoD documentation. For one, the stuff they deal with ranges from benign to various levels of very secret. That means it will cover your entire solution space and more. The other is that the rules are out there in the public domain. I took a look at some documents available on the web, and although redacted in areas, they paint a pretty good picture of the overall landscape.

The rules themselves need to be heavily tailored to what information you're protecting and if there are applicable regulations. Regardless however, there is stuff you can leave out on your desk, and there is stuff sensitive enough that the CEO has to sign off on your access, so seeing how the military deals with information security is a great starting point for how to structure your own version.
Hi Keith,
Thanks for your reply and feedback. I'll share with my team.

Please login or join to reply

Content ID:

"We cling to our own point of view, as though everything depended on it. Yet our opinions have no permanence; like autumn and winter, they gradually pass away."

- ChuangTzu