A national provider of reliable IT security and compliance products and services. Our extensive line of services is delivered with our proven methodology to lower costs and mitigate risk.
 
Security is more than a firewall.
 
 
Verified Service Disabled Veteran Owned Small Business


Security Policies and Procedures (SPPM)

 

 

The development and proper implementation of a sound security policy and procedures manual (SPPM) is highly beneficial. It allows your organization to identify risk and to document procedures and policies in relation to those risks.
Download our sample table of contents

 

New security issues are uncovered daily, making it necessary to revisit even the absolute best security policy and procedures on a semi-annual or annual basis to ensure that new security issues have been documented and staff awareness training has taken place. The process of developing a security policy will also help define an organization’s critical assets and the ways it must protect those assets, and the policy will serve as a centralized document for the protection of information security assets.

 

Regulations and industry standards such as HIPAA/HITECH, GLBA, FFIEC, ISO and PCI DSS require the implementation of a formalized security policy to validate compliance. Loricca has developed security policies and procedures for all types of organizations, such as hospitals, physicians’ offices, merchants and service providers.

 

Loricca’s methodology is designed to ensure a comprehensive examination of an organization's specific business and regulatory requirements.

 

Phase 1: Data Gathering – Our certified security professionals conduct a series of in-depth interviews to understand your organization’s specific risks and business requirements.

 

Phase 2: Policy Draft – Using the information obtained in Phase 1, we create a comprehensive set of policies and procedures that specifically address any areas of need identified.

 

Phase 3: Review – A draft SPPM is created and reviewed with your staff and/or legal counsel to ensure that each area of security has been addressed by the policy.

 

Phase 4: Implementation – Once the SPPM has been approved, Loricca delivers the final document for implementation.

 

Phase 5: Staff Training – Once your SPPM has been fully developed, Loricca can provide onsite or remote classes to train your staff and assist with implementation of the SPPM within your organization.

 

Loricca’s Security Policies and Procedures include:

  • Acceptable Use Policy 

  • Password Policy

  • Backup Policy 

  • Virtual Private Network (VPN) Policy 

  • Guest Access Policy

  • Wireless Policy

  • Confidential Data Policy 

  • Data Classification Policy

  • Mobile Device Policy 

  • Retention Policy

  • Outsourcing Policy

  • Physical Security Policy

  • Email Policy

  • Network Access Policy

  • Incident Response Policy 

  • Remote Access Policy

  • Third Party Connection Policy

  • Network Security Policy 

  • Encryption Policy

  • Policy Acknowledgement Form

  • Security Incident Report

  • Notice of Policy Noncompliance

  • Account Setup Request

  • Guest Access Request

  • Request for Policy Exemption

  • And more!

Loricca's Security Policies and Procedures will assist your organization with developing and documenting a solid security strategy to:

  • Assist in your compliance and audit efforts for:

      • The PCI Data Security Standard (DSS)

      • The Health Insurance Portability and Accountability Act (HIPAA)

      • Massachusetts 201 CMR 17.00

      • The Sarbanes-Oxley Act (SOX)

      • The Gramm-Leach-Bliley Act (GLBA)

      • FDA Title 21 CFR Part 11

      • SAS 70

      • ISO 17799

      • ISO 27000

  • Mitigate the risk from a security incident

  • Educate users on sound security practices

  • Reduce legal risk

  • Meet customer requirements


Contact us today  ~ 813-600-3005