Security Policies

Security Policies

Policies are established to shape and influence behavior to ensure consistency and legality in conducting business and pursuing the goals of your organization. Policies become formal when they are committed to writing and published. Formal policies are important because of the growing propensity for litigation concerning employment relationships and product and service problems. In addition to being guidelines for practice and behavior, formal policies provide a certain measure of legal protection. Policy is also a fundamental part of the preservation of confidentiality, integrity, and availability of information resources. Policy also forms the foundation against which an audit may be performed.

PCI Policy
security-key.png

Requirement 12 of the PCI Data Security Standard (PCI DSS) states that every organization should “maintain a policy that addresses information security for employees and contractors.” Critical to this requirement is that the security policies cover all of the technical requirements covered within the standard.

Spohn provides ready-to-use PCI policies. Each policy requirement of the PCI DSS version 1.2 is covered in Spohn’s PCI Policy documentation. Each policy description, related implementation specification, and guidelines can be implemented as-is or may be easily modified to fit within your organization’s security posture.

PCI Policy provides the following benefits:

  • Compliance with PCI DSS version 1.2
  • Comprehensive policies are ready-to-use or serve as a baseline for custom policy, saving development time
  • In-depth documentation aids understanding, adoption and implementation of policies
  • Based on recognized industry standards for security
  • All documents in Microsoft® Word format for easy use and modification
  • Delivered in print and on CD-ROM

HIPAA Policy
security-hipaa.png

HIPAA Security Rule policy and procedure requirements are driving the need for policy improvements. The HIPAA Security Rule 45 CFR Parts 160, 162, 164 was designed to set minimum requirements for security policy and procedures. Identifying the Rule’s requirements and developing new security policy and related procedures can be a time consuming task, especially when the end result is to actually implement them for improved security.

Spohn provides ready-to-use HIPAA Security Rule policy and procedures Spohn’s comprehensive HIPAA Security Policy and Procedures allows for rapid design and implementation of improved controls for Security Rule compliance.

Each policy requirement of the HIPAA Security Rule is covered in Spohn’s HIPAA Policy and Procedures documentation. Each policy description, related implementation specification, and guidelines can be implemented as-is or may be easily modified to fit within your organization’s security posture. Spohn’s HIPAA security policy will help you strengthen your organization’s security posture by defining new standards and acceptable practices for the handling of electronic protected health information.

HIPAA Policies provides the following benefits:

  • 100+ page comprehensive policy and procedures document covering the HIPAA Security Rule policy and procedure requirements
  • Comprehensive policies are ready-to-use or serve as a baseline for custom policy, saving development time
  • Each policy is referenced to the HIPAA Security Rule requirement
  • In-depth documentation aids understanding, adoption and implementation of policies
  • Templates, forms and checklists allow for immediate productive adoption and use of new procedures
  • Based on recognized industry standards for security
  • Summary document for user education and training
  • All documents in Microsoft® Word format for easy use and modification
  • Delivered in print and on CD-ROM

Enterprise Policy
security-mouse.png

Spohn provides ready-to-use Information Security Policies based on ISO 17799:2005 and other industry best practices. Spohn’s comprehensive set of security policies allows for rapid design and implementation of improved controls in accordance with industry best practices.

Enterprise Information Security Policy is designed to ensure that technical resources are properly protected, that the integrity and privacy of confidential information is maintained, that information resources are available when they are needed. Each policy can be implemented as is or may be easily modified to fit your organization’s operating environment.

Enterprise Security Policies provide the following benefits:

  • Based on recognized industry standards for security
  • Comprehensive policies are ready-to-use or serve as a baseline for custom policy, saving development time
  • In-depth documentation aids understanding, adoption and implementation of policies
  • Templates, forms and checklists allow for immediate productive adoption and use of new procedures
  • All documents in Microsoft® Word format for easy use and modification
  • Delivered in print and on CD-ROM

Comments are closed.