Policy and Plan Development


Effective policies, plans, and procedures are the pillars of successful data security and compliance programs.  They serve many purposes, including:

  • Documenting a framework of best practices and expected behavior
  • Acting as a guide for responding to security incidents or data loss
  • Defining roles and responsibilities
  • Helping achieve or maintain regulatory compliance
  • Formalizing data security procedures

Policy Review and Development Services

Our policy review and development services are designed to help companies establish a secure foundation while meeting organizational objectives and regulatory requirements.  The first step of the process is to confirm your organization’s compliance requirements, target areas and risk threshold. Existing policies are then reviewed against industry and compliance best practices.  Next, we will make policy and procedural recommendations that improve target areas, address compliance needs and bring risk to an acceptable level.  Furthermore, we will suggest additional written policies to consider implementing.

There are a number of information security policies that are important to have in place, including:

  • Incident Response
  • Disaster Recovery / Business Continuity
  • Technology Acceptable Use
  • Remote Access
  • Backups
  • Data Encryption
  • Risk Management
  • Physical Security
  • Password Best Practices
  • Privacy
  • Change Control
  • Wireless Access

Incident Response, Disaster Recovery and Business Continuity

One of the greatest tests of an organization is its response to a crisis such as a data breach or a catastrophic event that threatens to disrupt business operations. Mistakes and delays in the wake of an incident only compound the problem, which is why incident response, disaster recovery, and business continuity plans are so important.  They provide a detailed road map for effectively responding to, and recovering from, major events.

Information Security Policy Implementation and Adherence

The value of a security policy lies in how well employees and others adhere to it.  For example, if a policy requires laptops to use encryption but only 50% of the laptops are actually encrypted then there is a policy implementation and adherence problem.  Accordingly, our job is not done once policies are put into written form.  Rather, we work directly with organizations to help them develop a plan for effectively communicating their security policies, implementing any changes, and monitoring policy adherence.  Our goal is to ensure information security policies are put into practice and seamlessly integrated into daily business activities.

Getting Started with our Information Security Policy Consultants

To request a quote or to learn more about the information security policy services available from TCDI, please call 1-877-840-4357.