Policies, Controls and Compliance
A security policy is an enterprise-wide set of operating rules that establishes the measures used to protect an organization’s information assets. It defines authorization levels and, more importantly, sets the boundaries of normal operations. All information, regardless of the industry or the size of the company, must be protected and addressed in a security policy; without these boundaries there can be no security within an organization.
DigitalDefence provides the strategic and technical support needed to evaluate and implement your security policies, processes, and controls. We understand the trade-offs between cost and security, and can bring an objective view to the policy authoring process, help you identify gaps, and support you in creating an Information Security policy that reflects the most effective industry practices and the applicable legal and regulatory requirements.
Using our proprietary process, which maps the standards directly to existing and planned business processes, we can highlight the benefits of compliance and facilitate its acceptance across an organization. In addition, we ensure that your Information Security policy and its supporting documents are fully compliant with all applicable Canadian and international laws and regulations.
The Policies and Compliance service is recommended for clients when:
- No policies are presently in place, or policies and procedures are created, used and distributed in an ad hoc fashion
- Policies have not been reviewed to ensure alignment with strategy, business practices, new technologies, or new business situations (e.g. a merger or acquisition)
- Protection of business information is critical to success
- Employees (internal and external), contractors and vendors have an ongoing need for broad access to sensitive information
- There is potential for monetary loss or embarrassment due to security problems
- Policies have been in place for a long time and need review to ensure they keep pace with changes in technology and with the most effective practices
Service Delivery
DigitalDefence can help you with:
- Defining your organization’s information security strategy and goals in support of business objectives
- Developing new Information Security Policies, identifying gaps in your existing policies, or providing an objective review of existing policies to ensure they support business objectives in an increasingly hostile digital world
- Developing the practices, standards, and guidelines that support the Information Security Policy
- Managing security programs, including project planning and project management
- Developing and implementing a program to ensure corporate awareness of the Information Security Policy and supporting practices
DigitalDefence has a strong focus on the domestic and international standards that govern data privacy and security compliance. We support the following security and privacy regulations, frameworks, and standards:
- Canadian security standards, including the Canadian Federal Government Security Policy, Province of Ontario Information and Technology Standards, especially GO-ITS 25
- Canadian privacy standards, including PIPEDA and provincial and municipal standards
- International standards and directives, including California Senate Bill 1386 (the “Breach Act”) and similar state statutes; the Gramm-Leach-Bliley Act (GLBA); the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Sarbanes-Oxley Act (SOX); Control Objectives for Information and Related Technology (COBIT); ISO 27001:2005; PCI DSS; and the Standard of Good Practice for Information Security, among others