Phoenix - Your AI AssistantDeliver a Security Policy Pack
Delivery in
5 days
- Views 20
Amount of days required to complete work for this Offer as set by the freelancer.
Rating of the Offer as calculated from other buyers' reviews.
Average time for the freelancer to first reply on the workstream after purchase or contact on this Offer.
What you get with this Offer
The Information Security and Risk Management Policy will act as the single source for how security will be managed and what governance levels are in place. It will provide high level guidance on the implementation of key security activities, such as: roles and responsibilities, risk management, asset management, access control, acceptable use, physical security, personnel security, supply chain management, business continuity and disaster recovery, data security (data at rest, in transit and in processing).
The Information Risk Appetite Statement is another fundamental artefact. Without one, it is difficult to know where to apply effort to mitigate risks. Too risk averse, and little will be achieved, harming your business but if you accept too much risk, the same harm can be done. This document, in consultation with you, will look at certain risk areas such as confidentiality, integrity and availability as well as business reputation, legal and compliance and financial risk.
The Data Protection Impact Assessment is key for any business that collects, stores and processes Personally Identifiable Information (PII). An appropriate first draft or review of existing assessments will not be wasted, as the penalties for not carrying out due diligence and due care with respect to PII is punished harshly. Even if your business focus is not centred on data collection, you likely hold PII on your employees and partners – which all constitute PII and the risk posed by collecting and storing it needs to be assessed.
It should be noted, this offering is ideal for a Small to Medium Enterprise, and is intended to provide the foundations for further development and refinement over time.
The Information Risk Appetite Statement is another fundamental artefact. Without one, it is difficult to know where to apply effort to mitigate risks. Too risk averse, and little will be achieved, harming your business but if you accept too much risk, the same harm can be done. This document, in consultation with you, will look at certain risk areas such as confidentiality, integrity and availability as well as business reputation, legal and compliance and financial risk.
The Data Protection Impact Assessment is key for any business that collects, stores and processes Personally Identifiable Information (PII). An appropriate first draft or review of existing assessments will not be wasted, as the penalties for not carrying out due diligence and due care with respect to PII is punished harshly. Even if your business focus is not centred on data collection, you likely hold PII on your employees and partners – which all constitute PII and the risk posed by collecting and storing it needs to be assessed.
It should be noted, this offering is ideal for a Small to Medium Enterprise, and is intended to provide the foundations for further development and refinement over time.
What the Freelancer needs to start the work
Firstly, I would need to understand the context of your business, what you are looking to achieve in the short term and a longer term projection. An overview of your critical assets, current information security provision and any areas of concern so that I can tailor the artefacts to your needs.