A strong policy framework is the cornerstone of solid information security. LOCKNET can review your current documentation and verify the existence of current policies that are up to date and effective. We can also help co-author any policies that need to be updated or added. All documentation can be organized for reference and regular review.  Below is a sample list of policies that are frequently found in a strong policy handbook:

• Information Security Policy - explains the security procedures, software and hardware that the financial institution uses to protect information systems
• Internet Acceptable Use Policy – sets acceptable internet use for the institution
• Electronic Communication Acceptable Use Policy – sets acceptable email, voice mail, fax, cell phone, PDA usage for the institution
• Password Policy – defines password requirements for the various systems used
• Patch Management Policy - defines patch management strategy and time frames
• Patch Management Documentation Spreadsheet – helps document efforts in this area
• Vendor Management Policy - sets standards by which IT vendors are measured and assessed
• Vendor Management Documentation Spreadsheet – helps document efforts in this area
• Clean Desk Policy – sets standards for employees to follow when working with non public, personal information
• Information Disposal Policy – defines how the institution will dispose of confidential information, old computers, CDs, DVDs, disks, reports, etc.
• IT Risk Policy – defines IT risk and how the institution will minimize those risks
• Incident Response Program - details how the institution will react in the event of an information breach
• Remote Access Policy – defines remote access security and standards if any remote access is available