Information Security Policy and Procedures Writing for Regulatory Compliance

FLANK specializes in information security policy writing and consulting services, such as writing security policies for organizations of all types, sizes, industries, and sectors. Specifically, we specialize in policy and procedure writing and consulting services related to ISO 27001, 27002, FISMA, FERC, NERC, NIST, HIPAA, HITECH, FFIEC, GLBA, Business Continuity, PCI DSS, cyber security, cloud security, virtualization, EU-U.S. and Swiss-U.S. Privacy Shield, and many other initiatives. A growing trend in recent years is that companies need to have documented policies, procedures and processes in place, due in large part to many state, federal, country- or region-specific, and industry-mandated compliance requirements.

Stop and think about the many initiatives, legislative mandates, and supporting business directives currently in place (e.g., ISO 27001 | 27002, FISMA, HIPAA, GLBA, FFIEC, PCI, SOC 1, SOC 2 AT 101, SOC 3 SysTrust | WebTrust) and it can be overwhelming indeed. The vast majority of these regulatory compliance programs require organizations to have documented information security policies and procedures in place. That is easier said than done, as authoring these documents can be tedious, arduous, time-consuming, and, most of all, challenging.

A much more efficient process can be had by purchasing the Global Information Security Policy Toolkit (GISPT) set of policy and procedure documents from FLANK today, along with hiring us for information security policy writing and consulting services. Learn more about our signature product, the Global Information Security Policy Toolkit (GISPT), today.

Years of Experience in Writing Security Policies and Procedures

We have a deep bench of experienced, capable, and professional consultants who specialize in developing well-written, highly customized policy and procedure documents for organizations all across North America and Europe. What's more, our policy and procedure templates include documentation for all applicable information security categories and domains, such as the following:

  • Network Security (routers, switches, firewalls, load balancers, and more)
  • Operating Systems (Microsoft, UNIX, Linux)
  • Databases (MS SQL Server, MySQL, PostgreSQL, Oracle)
  • Web Servers (Apache, Tomcat, IIS)
  • Application Servers (JBoss, etc.)
  • Virtualization Platforms
  • Cloud Computing
  • And much, much more.

InfoSec Templates for Writing InfoSec Policies

Moreover, our policy and procedure documents are extremely in-depth and comprehensive, as they include the following:

  • Hundreds of policies and procedures, forms, checklists, templates, and provisioning and hardening documents - all relating to information security.
  • Dozens and dozens of sections and categories, including many business and operational policy and procedure documents vital to information systems, such as Risk Assessment, Security Awareness Training, Incident Response, etc.
  • Material developed exclusively for many of today's emerging information technology sectors, such as virtualization and cloud computing.
  • In-depth documents created for many operational areas that are now an important component of information security, such as risk assessment, security awareness, training, to name just a few.
  • Documentation that is current with many of the versions and releases put forth by major hardware and software vendors.

What Makes our Documentation Different

Additionally, our consultants possess a strong working knowledge of all applicable frameworks and other sources that have been included in the development and publication of our Global Information Security Policy Toolkit (GISPT) set of policy and procedure documents, such as the following:

  • ISO 27001 | 27002 framework
  • Information Technology Infrastructure Library (ITIL)
  • COBIT | Control Objectives for Information and Related Technologies
  • COSO | Committee of Sponsoring Organizations of the Treadway Commission
  • NIST SP 800 Publications (approximately 100+ publications)
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) | Unclassified Documents
  • United States Computer Emergency Readiness Team (US CERT)
  • CIS Security Benchmarks Division
  • NIST National Vulnerability Database
  • Open Source Vulnerability Database
  • Common Configuration Enumeration (CCE)
  • Common Vulnerabilities and Exposures (CVE)
  • Cloud Security Alliance (CSA)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • Vendor-specific setup, configuration and hardening guides for all major network devices, operating systems, databases, web servers, and more.