Policy & Procedures Development & Maintenance

Security Compliance Associates (SCA) will review, revise, modify and document existing information security policies and procedures, and draft additional policies and procedures as necessary to enhance and organize our clients written policies and procedures utilizing a three-tiered compliance model.

INFORMATION SECURITY POLICIES
The Information Security Policy, approved by the Board of Directors, is the compliance-oriented document that provides the strategic direction for your institution and delegates to management the responsibility and authority to implement the Information Security Program.

INFORMATION SECURITY STANDARDS AND PROCEDURES
The Standards document will define the principles, values and environment. Standards also define the authorized use of information and compliance requirements. Procedures specify step-by-step directions for compliance with standards.

EMPLOYEE GUIDELINES
Employee Guidelines consist of those elements of the institution’s standards and procedures that affect every employee and are augmented with the institution’s appropriate use standards. The Employee Guidelines do not contain elements of the standards and procedures that are designed for management and IT staff. The Employee Guidelines provide a guide for meeting mandated training requirements.

POLICIES AND PROCEDURES MAINTENANCE
Throughout the term of the contract, SCA will modify the institution’s policy and procedure as necessary to keep pace with changes in law or regulation, changes in technology, changes in management and/or changes in operations that may impact the institution’s Information Security Policies and Procedures.