Policy & Procedures Review

Security Compliance Associates’ (SCA) approach to Information Security Policy and Procedures begins with a review of the institution’s existing information security policies, standards, practices and procedures, and provides an assessment based on compliance with FRS, FDIC, OTS, OCC, or NCUA regulations, FTC, PCI-DSS, HIPAA and FFIEC guidance, industry standards and SCA best practices. The resulting report provides a solid basis for drafting/revising the institution’s Information Security Policies and Procedures.

SCA will conduct a series of interviews with personnel identified as key contacts to help identify and document existing practices. During this task, SCA will use a series of questionnaires, checklists and forms to collect your institution’s existing information security-related policies, standards and procedures. SCA will analyze and evaluate key policies, procedures and standards in order to identify weak or undocumented elements. When reviewing existing policies and standards, SCA will:

  • Evaluate and assess their comprehensiveness against current compliance regulations
  • Identify their specific strengths and weaknesses within your organization
  • Provide customized information security recommendations for improving policies, standards and procedures
  • Recommend a schedule for implementation of any recommendations

SCA will present detailed findings and specific recommendations for drafting or revising information security policies, procedures and standards.