Information Security Policy Review

What is a security policy?
An Information Security Policy is a document, or collection of documents, describing the rules for protecting information and the systems used to store, process and transmit that information.

Information Security Policies must include a statement of the scope of the Information Security Management System employed by your company, details of the roles and responsibilities of each member of staff and statements of controls to be implemented to protect business and customer information. 

An Information Security Policy describes the controls, processes and systems required to be in place to ensure the preservation of confidentiality, availability and integrity of business and customer information as well as providing accountability for user actions in the use of information and supporting systems.

Accountability for the protection of information and the safe handling of information is provided by clearly documenting the roles and responsibilities of each employee from the board of directors right through to the cleaning staff (if necessary).

What is a security policy review?
An Information Security Policy Review ensures that policies meet applicable requirements such as state government standards, international standards, regulatory requirements (including the Payment Card Industry Data Security Standard or Sarbanes-Oxley) and laws such as the Privacy Act.

Security Policy Reviews can also provide a measure of the effectiveness of the controls by testing the controls stated in the Security Policy.

Controls may be tested by requiring evidence of compliance with the controls, or by reviewing agreements such as third party outsourcing agreements or employment agreements.

When should a security policy review be conducted?
Information Security Policies should be reviewed on a yearly basis or whenever business requirements change.

This change could come about by the introduction of a new regulatory requirement, the passing of a new law or by the adoption of a new direction of the business causing information to be used in a new way.

Businesses change throughout the year through organic growth, acquisition or outsourcing. Each of these changes can alter the way information is used and the types of information used in the conduct of business.

We are witnessing significant change in the way corporations are structured with mergers/demergers and with machinery of government changes right across Australia, all of which will create an environment in which a new security framework needs to be agreed upon and effectively communicated to the staff of these 'new' organisations.

Information Security Policy Reviews assist your organisation to recognise controls which need to be documented in, or removed from, the Security Policy and can highlight areas where controls currently in place may need to be strengthened through heightened awareness or a change to internal processes.

Why should information security policies be updated each year?
Fast paced changes in technology are quickly reflected in changes to regulatory requirements, laws and internal business processes. Systems are updated, business software is outsourced to Software as a Service providers, business processes are made more efficient by transferring information onto portable media, and information can be used by a more geographically dispersed workforce through mobile devices and remote connections.

With these changes in the business environment, technology use and regulatory requirements, it is important to ensure that Security Policies are updated so that business and customer information remains consistently protected.

An Information Security Policy Review can highlight areas where new controls need to be adopted or current controls need to be tightened.

How is a security policy review conducted?
Loop Technology's Security Consultants engage with your business, using a consultative approach of workshops and information sharing sessions, to learn the types of information you hold and the way in which this information is used, stored and transmitted in the conduct of business.

With this understanding, our Security Consultants review the current Information Security Policy documents to ensure adequate controls are documented to enable consistent protection of the identified information and associated systems.

Information Security Policies are compared against required regulatory standards and industry best practices, and reviewed to ensure they are aligned with those practices.

Following this comparison exercise, you will be provided with a report giving a high level indication of the quality of the Security Policy documentation, the strength of controls, the ability to comply with the controls and a measure of compliance with the controls.

A high level action plan or summary of findings is also provided giving you a jumping off point for improvement to the Security Policy documentation.

What are the next steps?
If you are interested in having a Security Policy Review conducted, contact Loop Technology to discuss your requirements.