Security Policies Procedures

Security Manual Template
Version History

Sarbanes-Oxley / HIPAA
PCI-DSS - CobiT
ISO 27000 Compliant


The Security Manual Template is typically updated every three to six months. If you subscribe to the update service you will automatically receive all of these updates. You can maximize your investment by subscribing to our update service. With the updates you are kept abreast of the latest technological and mandated security developments. Below is a listing of the most recent updates.

Version History

Version 12.0

  • Added section on Security Information and Event Management (SIEM) - includes best practices
  • Added section on Identity Protection
  • Updated 24 included electronic forms
  • Updated mandated compliance requirements
  • Added eReader version to product offering

Version 11.3

  • Added section on 10 Best Practices for Ransomware Protection
  • Updated to meet the latest mandated compliance requirements and ISO standards
  • Added section on Practical Tips for Prevention of Security Breaches and PCI Audit Failures
  • Added section on the risk assessment process

Version 11.2

  • Added User/Customer Sensitive Information and Privacy Bill of Rights

Version 11.1

  • Added Best Practices Section
  • Added Electronic forms for:
    • Mobile Device Security and Compliance Checklist
    • Outsourcing and Cloud Security Compliance Agreement
    • Server Registration
    • Text Messaging and Sensitive Information Agreement
  • Updated Electronic Forms
  • Updated Graphics
  • Reviewed and updated to meet all mandated government and international standard requirements
  • All of the supplemental materials have been updated
    • Business Impact Analysis Questionnaire
    • SOX Compliance Checklist
    • PCI Audit Program
    • Threat Assessment and Vulnerability Tool Kit

Version 11

  • Added Firewall Requirements list
  • Added Firewall Policy Security Checklist
  • Updated to meet all ISO requirements

Version 10.3

  • Updated to reflect Cloud requirements
  • Updated to reflect new and old storage technologies
  • Updated BYOD Use Agreement Form
  • Added BYOD and Mobile Content Best of Breed Security Checklist

Version 10.2

  • Added Physical and Virtual Server Security Policy
  • Added Server Registration electronic form
  • Updated headers and footers to facilitate easier customization by user

Version 10.1

  • Added Electronic forms for Threat and Assessment Process - Utilized Adobe FormCentral
  • Added Electronic Risk Assessment Matrix - Excel
  • Updated graphics

Version 10.0

  • Added section on FIPS 199
  • Added section on NIST SP 800-53
  • Added Electronic Forms
    • FIPS 199 Assessment Electronic Form

Version 9.2

  • Updated the Threat and Vulnerability Assessment to include mobile devices and BYODs
  • Added Electronic form
    • BYOD Access and Use Agreement

Version 9.1

  • Added Electronic form
    • Employee Termination Checklist
  • Added Best Practices Section to Meet Compliance Requirements

Version 9.0

  • Updated Sensitive Information Policy
  • Added Electronic Forms
    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • New Employee Security Acknowledgment and Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement

Version 8.3

  • Added policy for mobile device access and use
  • Added Mobile Device Access and Use Agreement Form
  • Added Enterprise Owned Equipment Inventory Form
  • Updated CSS Style sheet

Version 8.2

  • Updated the Threat and Vulnerability Assessment Tool

Version 8.1

  • Added section on Best Practices When Implementing Security Policies and Procedures
  • Added section on Skype
  • Updated Sensitive Information section
  • Added section on enterprise web site security flaws
  • Corrected minor errata

Version 8.0

  • Updated Fire Suppression Section
  • Updated for ISO compliance and security domain definition
  • Log management section expanded

Version 7.3

  • Updated Risk Assessment Business and IT Impact Questionnaire
    • Updated for COBIT compliance
    • Updated for PCI-DSS compliance
    • Updated for US state level compliance (New York, Massachusetts, and California)
    • Updated for ISO security requirements

Version 7.2

  • Updated to comply with CobiT requirements
  • Added Security Management Compliance Checklist
  • Added Massachusetts Data Protection Requirements Section
  • Added Massachusetts 201 CMR 17 Compliance Checklist

Version 7.1

  • Corrected minor errata
  • Added Employee Termination Process
  • Added Employee Termination Checklist
  • Forms Added
    • Employee Termination Form

Version 7.0

  • Updated to reflect latest PCI-DSS requirements
  • Updated the sensitive information policy section
  • Forms Updated
    • Security Violation Form
    • Inspection Checklist
    • New Employee Security Form
    • Internet & Electronic Communication - Employee Acknowledgment (short form)
    • Internet Use Approval Form
    • Internet Access Request Form
    • Security Access Application Form
  • Updated ISO 27000 Security Process Audit Checklist
  • Updated CSS Style Sheet

Version 6.5

  • Updated Threat and Vulnerability Assessment tool to include a detailed work plan for the assessment process.
  • Updated Threat and Vulnerability Assessment tool to include a definition of the safeguards that should be included.
  • Threat and Vulnerability Assessment tool provided in PDF, WORD 2003, Word, EXCEL 2003, and EXCEL 2007 formats

Version 6.4

  • Blog & Personal Web Site Policy added
  • Replaced WORD 2003 style sheet with Word style sheet

Version 6.3

  • Best Practices Update
  • Added section with a summary of the ISO 27000 Series standards
  • Updated the template to comply with ISO 27000 Series Standards (27001 and 27002)
  • Disaster Recovery Plan Basics Section Added
  • Wireless Security Standards Added
  • Updated Business Impact and IT Questionnaire
  • Corrected various errata

Version 6.2

  • Sensitive Information Policy Updated
    • Best Practices Added
    • Wireless and VPN Added
    • Payment Card Industry Data Security Standard Added
    • Added separate document PCI DSS Audit Program
  • Internet and E-mail Communication Updated
    • E-mail Forwarding Added
  • Travel, Laptop, PDA, and Off-Site Meetings Updated
    • Laptop and PDA Security Added
    • Wireless and VPN Added

Version 6.1

  • Added HIPAA Audit Program Guide
  • Added ISO 17799 Security Audit Checklist

Version 6.0

  • Added section defining ISO 17799 requirements
  • Modified entire template to be ISO 17799 compliant
  • Added Best Data Deletion and Retention Practices
  • Added Spyware Best Practices and Removal
  • Provided two versions of the documents - MS WORD
  • New Forms
    • Internet Use Approval Form
    • Internet Access Request Form
  • Updated forms
    • Internet Usage Policy - Employee Acknowledgment (short form)
    • E-Mail Usage Policy - Employee Acknowledgment (short form)

Version 5.1

  • New section on Internet, e-Mail, and Electronic Communication
  • New forms
    • Internet Usage Policy - Employee Acknowledgment
    • E-Mail Usage Policy - Employee Acknowledgment

Version 5.0

  • New section on Sensitive Information
  • New forms
    • Checklist For Separating Employees
    • Supervisor Checklist For Separating Employees

Version 4.1

  • New section on lost equipment
  • New section on termination process
    • Deciding whether to fire
    • Carrying out the firing decision
  • New attached Excel spreadsheet with internal controls checklist for Sarbanes-Oxley Section 404 compliance

Version 4.0

  • New section on travel and off-site meetings
  • Updated Inspection Check List Form